CNNVD-202602-061 Information
Feb 02, 2026
cve
CNNVD ID
CNNVD-202602-061
Related CVE
- CNNVD Published: 2026-02-02
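Description (translated from Chinese)
vLLM is a high-throughput, memory-efficient inference and serving engine for LLMs, open-sourced by vLLM. vLLM versions from 0.8.3 up to but not including 0.14.1 contain a log information disclosure vulnerability. The vulnerability stems from a heap address being leaked when an invalid image is processed, which may reduce the effectiveness of ASLR and ultimately lead to remote code execution.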
Description (English)
vLLM is an open-source, high-throughput and memory-efficient inference and serving engine for LLMs. vLLM versions 0.8.3 through those prior to 0.14.1 contain a log information leak: a heap address is disclosed while processing invalid images, which may reduce the effectiveness of ASLR and eventually lead to remote code execution.
Hazard Level
High
Vulnerability Type
Log information disclosure
Affected Vendor
vLLM
Published
2026-02-02
Last Modified
2026-02-24
References
- https://github.com/vllm-project/vllm/pull/31987
- https://github.com/vllm-project/vllm/pull/32319
- https://github.com/vllm-project/vllm/releases/tag/v0.14.1
- https://github.com/vllm-project/vllm/security/advisories/GHSA-4r2x-xpjr-7cvv