CNNVD-202511-2540 Information
CNNVD ID
CNNVD-202511-2540
Related CVE
-
CNNVD Published: 2025-11-21
Description
vLLM is an open-source, high-throughput and memory-efficient inference and serving engine for LLMs, from the vLLM project. vLLM versions 0.5.5 up to but not including 0.11.1 contain a security vulnerability caused by insufficient validation of the chat_template_kwargs parameter, which may cause API server processing to block.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
vLLM
Published
2025-11-21
Last Modified
2026-02-24
References
https://github.com/vllm-project/vllm/blob/2a6dc67eb520ddb9c4138d8b35ed6fe6226997fb/vllm/entrypoints/chat_utils.py#L1602-L1610
https://github.com/vllm-project/vllm/blob/2a6dc67eb520ddb9c4138d8b35ed6fe6226997fb/vllm/entrypoints/openai/serving_engine.py#L809-L814
https://github.com/vllm-project/vllm/commit/3ada34f9cb4d1af763fdfa3b481862a93eb6bd2b
https://github.com/vllm-project/vllm/pull/27205
https://github.com/vllm-project/vllm/security/advisories/GHSA-69j4-grxj-j64p
Patch
https://github.com/vllm-project/vllm/releases