CNNVD-202601-1784 Information

CNNVD ID

CNNVD-202601-1784

CVE-2026-22773

  • CNNVD Published: 2026-01-10

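Description (translated from Chinese)

vLLM is an open-source, high-throughput and memory-efficient inference and serving engine for LLMs, developed by vLLM. vLLM versions 0.6.4 up to, but not including, 0.12.0 contain a security vulnerability: sending a specially crafted 1x1 pixel image causes a tensor dimension mismatch, which may lead to complete termination of the server.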

Description (English)

vLLM is an open-source, high-throughput and memory-efficient inference and serving engine for LLMs. vLLM versions from 0.6.4 up to, but not including, 0.12.0 contain a security vulnerability: sending a specially crafted 1x1 pixel image causes a tensor dimension mismatch, which can lead to complete termination of the server.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

vLLM

Published

2026-01-10

Last Modified

2026-02-24

References

https://github.com/vllm-project/vllm/security/advisories/GHSA-grg2-63fw-f2qr

Patch

https://github.com/vllm-project/vllm/releases
