CNNVD-202601-4444 Information

CNNVD ID

CNNVD-202601-4444

CVE-2026-24779

  • CNNVD Published: 2026-01-27

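Description (translated from Chinese)

vLLM is a high-throughput, memory-efficient inference and serving engine for LLMs, open-sourced by vLLM. Versions of vLLM before 0.14.1 contain a code issue vulnerability. The vulnerability stems from differences in how different parsing libraries interpret backslashes in the MediaConnector class, which may lead to server-side request forgery.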

Description (English)

vLLM is an open-source, high-throughput and memory-efficient inference and serving engine for LLMs. Versions of vLLM prior to 0.14.1 have a code issue vulnerability in the MediaConnector class: the parsing libraries it uses interpret backslashes differently, which could lead to server-side request forgery (SSRF).

Hazard Level

Medium

Vulnerability Type

Code issue

Affected Vendor

vLLM

Published

2026-01-27

Last Modified

2026-02-24

References

  • https://github.com/vllm-project/vllm/commit/f46d576c54fb8aeec5fc70560e850bed38ef17d7
  • https://github.com/vllm-project/vllm/pull/32746
  • https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc

Patch

https://vllm.ai/
