9.8

CVE-2026-22778

EPSS 0.08%
Veröffentlicht 02.02.2026 23:16:06
Zuletzt bearbeitet 23.02.2026 18:19:12
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guesses to ~8 guesses. This vulnerability can be chained a heap overflow with JPEG2000 decoder in OpenCV/FFmpeg to achieve remote code execution. This vulnerability is fixed in 0.14.1.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Vllm ≫ Vllm Version >= 0.8.3 < 0.14.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.228

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://github.com/vllm-project/vllm/pull/31987

Patch

Issue Tracking

https://github.com/vllm-project/vllm/pull/32319

Patch

Issue Tracking

https://github.com/vllm-project/vllm/releases/tag/v0.14.1

Release Notes

https://github.com/vllm-project/vllm/security/advisories/GHSA-4r2x-xpjr-7cvv

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-22778

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-22778

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-22778

EUVD