Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-34755 (GCVE-0-2026-34755)
Vulnerability from cvelistv5 – Published: 2026-04-06 15:38 – Updated: 2026-07-07 12:05- CWE-770 - Allocation of Resources Without Limits or Throttling
| URL | Tags |
|---|---|
| https://github.com/vllm-project/vllm/security/adv… | x_refsource_CONFIRM |
| https://access.redhat.com/security/cve/CVE-2026-34755 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2455403 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:36005 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:36006 | vendor-advisoryx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| vllm-project | vllm |
Affected:
>= 0.7.0, < 0.19.0
|
|
| Red Hat | Red Hat AI Inference Server 3.2 |
cpe:/a:redhat:ai_inference_server:3.2::el9 |
|
| Red Hat | Red Hat AI Inference Server |
cpe:/a:redhat:ai_inference_server:3 |
|
| Red Hat | Red Hat Enterprise Linux AI (RHEL AI) 3 |
cpe:/a:redhat:enterprise_linux_ai:3 |
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34755",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T18:36:13.854345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T18:36:31.152Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:ai_inference_server:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat AI Inference Server 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ai_inference_server:3"
],
"defaultStatus": "affected",
"product": "Red Hat AI Inference Server",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-06T15:38:53.201Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in vLLM, an inference and serving engine for large language models. A remote attacker can exploit a vulnerability in the VideoMediaIO.load_base64() method by sending a single API request containing a large number of comma-separated base64-encoded JPEG frames. This bypasses the intended frame count limit, causing the server to decode all frames into memory. This can lead to an Out-of-Memory (OOM) crash, resulting in a Denial of Service (DoS) for the affected system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T12:05:06.219Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-34755"
},
{
"name": "RHBZ#2455403",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455403"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34755.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:36005: Red Hat AI Inference Server 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:36006: Red Hat AI Inference Server 3.2"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-06T16:02:21.718Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-06T15:38:53.201Z",
"value": "Made public."
}
],
"title": "vLLM: vLLM: Denial of Service due to excessive video frame processing",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "vllm",
"vendor": "vllm-project",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.7.0, \u003c 0.19.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64() method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num_frames parameter (default: 32), which is enforced by the load_bytes() code path, is completely bypassed in the video/jpeg base64 path. An attacker can send a single API request containing thousands of comma-separated base64-encoded JPEG frames, causing the server to decode all frames into memory and crash with OOM. This vulnerability is fixed in 0.19.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T15:38:53.201Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pq5c-rjhq-qp7p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pq5c-rjhq-qp7p"
}
],
"source": {
"advisory": "GHSA-pq5c-rjhq-qp7p",
"discovery": "UNKNOWN"
},
"title": "vLLM Affected by Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34755",
"datePublished": "2026-04-06T15:38:53.201Z",
"dateReserved": "2026-03-30T19:17:10.225Z",
"dateUpdated": "2026-07-07T12:05:06.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-34755",
"date": "2026-07-09",
"epss": "0.00378",
"percentile": "0.29813"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-34755\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-04-06T16:16:36.463\",\"lastModified\":\"2026-07-07T12:16:38.903\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64() method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num_frames parameter (default: 32), which is enforced by the load_bytes() code path, is completely bypassed in the video/jpeg base64 path. An attacker can send a single API request containing thousands of comma-separated base64-encoded JPEG frames, causing the server to decode all frames into memory and crash with OOM. This vulnerability is fixed in 0.19.0.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"vllm-project\",\"product\":\"vllm\",\"versions\":[{\"version\":\"\u003e= 0.7.0, \u003c 0.19.0\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat AI Inference Server 3.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ai_inference_server:3.2::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat AI Inference Server\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ai_inference_server:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AI (RHEL AI) 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux_ai:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI (RHOAI)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-04-06T18:36:13.854345Z\",\"id\":\"CVE-2026-34755\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.7.0\",\"versionEndExcluding\":\"0.19.0\",\"matchCriteriaId\":\"36E450C9-1DE7-4CEE-835B-FBE1D9F37704\"}]}]}],\"references\":[{\"url\":\"https://github.com/vllm-project/vllm/security/advisories/GHSA-pq5c-rjhq-qp7p\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36005\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36006\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-34755\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2455403\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34755.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"vLLM: vLLM: Denial of Service due to excessive video frame processing\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"cpes\": [\"cpe:/a:redhat:ai_inference_server:3.2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat AI Inference Server 3.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ai_inference_server:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat AI Inference Server\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux_ai:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AI (RHEL AI) 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-04-06T16:02:21.718Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-04-06T15:38:53.201Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:36005: Red Hat AI Inference Server 3.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:36006: Red Hat AI Inference Server 3.2\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-04-06T15:38:53.201Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-34755\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2455403\", \"name\": \"RHBZ#2455403\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34755.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:36005\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:36006\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\"}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in vLLM, an inference and serving engine for large language models. A remote attacker can exploit a vulnerability in the VideoMediaIO.load_base64() method by sending a single API request containing a large number of comma-separated base64-encoded JPEG frames. This bypasses the intended frame count limit, causing the server to decode all frames into memory. This can lead to an Out-of-Memory (OOM) crash, resulting in a Denial of Service (DoS) for the affected system.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-07-07T12:05:06.219Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-34755\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-06T18:36:13.854345Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-06T18:36:26.827Z\"}}], \"cna\": {\"title\": \"vLLM Affected by Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing\", \"source\": {\"advisory\": \"GHSA-pq5c-rjhq-qp7p\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"vllm-project\", \"product\": \"vllm\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 0.7.0, \u003c 0.19.0\"}]}], \"references\": [{\"url\": \"https://github.com/vllm-project/vllm/security/advisories/GHSA-pq5c-rjhq-qp7p\", \"name\": \"https://github.com/vllm-project/vllm/security/advisories/GHSA-pq5c-rjhq-qp7p\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64() method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num_frames parameter (default: 32), which is enforced by the load_bytes() code path, is completely bypassed in the video/jpeg base64 path. An attacker can send a single API request containing thousands of comma-separated base64-encoded JPEG frames, causing the server to decode all frames into memory and crash with OOM. This vulnerability is fixed in 0.19.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770: Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-04-06T15:38:53.201Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-34755\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-07T12:05:06.219Z\", \"dateReserved\": \"2026-03-30T19:17:10.225Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-04-06T15:38:53.201Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-34755
Vulnerability from fkie_nvd - Published: 2026-04-06 16:16 - Updated: 2026-07-07 12:166.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
{
"affected": [
{
"affectedData": [
{
"product": "vllm",
"vendor": "vllm-project",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.7.0, \u003c 0.19.0"
}
]
}
],
"source": "security-advisories@github.com"
},
{
"affectedData": [
{
"cpes": [
"cpe:/a:redhat:ai_inference_server:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat AI Inference Server 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ai_inference_server:3"
],
"defaultStatus": "affected",
"product": "Red Hat AI Inference Server",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
}
],
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36E450C9-1DE7-4CEE-835B-FBE1D9F37704",
"versionEndExcluding": "0.19.0",
"versionStartIncluding": "0.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64() method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num_frames parameter (default: 32), which is enforced by the load_bytes() code path, is completely bypassed in the video/jpeg base64 path. An attacker can send a single API request containing thousands of comma-separated base64-encoded JPEG frames, causing the server to decode all frames into memory and crash with OOM. This vulnerability is fixed in 0.19.0."
}
],
"id": "CVE-2026-34755",
"lastModified": "2026-07-07T12:16:38.903",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-34755",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T18:36:13.854345Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-04-06T16:16:36.463",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pq5c-rjhq-qp7p"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/security/cve/CVE-2026-34755"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455403"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34755.json"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"type": "Secondary"
}
]
}
GHSA-PQ5C-RJHQ-QP7P
Vulnerability from github – Published: 2026-04-03 21:51 – Updated: 2026-06-08 19:52Summary
The VideoMediaIO.load_base64() method at vllm/multimodal/media/video.py:51-62 splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num_frames parameter (default: 32), which is enforced by the load_bytes() code path at line 47-48, is completely bypassed in the video/jpeg base64 path. An attacker can send a single API request containing thousands of comma-separated base64-encoded JPEG frames, causing the server to decode all frames into memory and crash with OOM.
Details
Vulnerable code
# video.py:51-62
def load_base64(self, media_type: str, data: str) -> tuple[npt.NDArray, dict[str, Any]]:
if media_type.lower() == "video/jpeg":
load_frame = partial(self.image_io.load_base64, "image/jpeg")
return np.stack(
[np.asarray(load_frame(frame_data)) for frame_data in data.split(",")]
# ^^^^^^^^^^
# Unbounded split — no frame count limit
), {}
return self.load_bytes(base64.b64decode(data))
The load_bytes() path (line 47-48) properly delegates to a video loader that respects self.num_frames (default 32). The load_base64("video/jpeg", ...) path bypasses this limit entirely — data.split(",") produces an unbounded list and every frame is decoded into a numpy array.
video/jpeg is part of vLLM's public API
video/jpeg is a vLLM-specific MIME type, not IANA-registered. However it is part of the public API surface:
encode_video_url()atvllm/multimodal/utils.py:96-108generatesdata:video/jpeg;base64,...URLs- Official test suites at
tests/entrypoints/openai/test_video.py:62andtests/entrypoints/test_chat_utils.py:153both use this format
Memory amplification
Each JPEG frame decodes to a full numpy array. For 640x480 RGB images, each frame is ~921 KB decoded. 5000 frames = ~4.6 GB. np.stack() then creates an additional copy. The compressed JPEG payload is small (~100 KB for 5000 frames) but decompresses to gigabytes.
Data flow
POST /v1/chat/completions
→ chat_utils.py:1434 video_url type → mm_parser.parse_video()
→ chat_utils.py:872 parse_video() → self._connector.fetch_video()
→ connector.py:295 fetch_video() → load_from_url(url, self.video_io)
→ connector.py:91 _load_data_url(): url_spec.path.split(",", 1)
→ media_type = "video/jpeg"
→ data = "<frame1>,<frame2>,...,<frame10000>"
→ connector.py:100 media_io.load_base64("video/jpeg", data)
→ video.py:54 data.split(",") ← UNBOUNDED
→ video.py:55-57 all frames decoded into numpy arrays
→ video.py:56 np.stack([...]) ← massive combined array → OOM
connector.py:91 uses split(",", 1) which splits on only the first comma. All remaining commas stay in data and are later split by video.py:54.
Comparison with existing protections
| Code Path | Frame Limit | File |
|---|---|---|
load_bytes() (binary video) |
Yes — num_frames (default 32) |
video.py:46-49 |
load_base64("video/jpeg", ...) |
No — unlimited data.split(",") |
video.py:51-62 |
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "vllm"
},
"ranges": [
{
"events": [
{
"introduced": "0.7.0"
},
{
"fixed": "0.19.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-34755"
],
"database_specific": {
"cwe_ids": [
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-03T21:51:35Z",
"nvd_published_at": "2026-04-06T16:16:36Z",
"severity": "MODERATE"
},
"details": "## Summary\n\nThe `VideoMediaIO.load_base64()` method at `vllm/multimodal/media/video.py:51-62` splits `video/jpeg` data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The `num_frames` parameter (default: 32), which is enforced by the `load_bytes()` code path at line 47-48, is completely bypassed in the `video/jpeg` base64 path. An attacker can send a single API request containing thousands of comma-separated base64-encoded JPEG frames, causing the server to decode all frames into memory and crash with OOM.\n\n## Details\n\n### Vulnerable code\n\n```python\n# video.py:51-62\ndef load_base64(self, media_type: str, data: str) -\u003e tuple[npt.NDArray, dict[str, Any]]:\n if media_type.lower() == \"video/jpeg\":\n load_frame = partial(self.image_io.load_base64, \"image/jpeg\")\n return np.stack(\n [np.asarray(load_frame(frame_data)) for frame_data in data.split(\",\")]\n # ^^^^^^^^^^\n # Unbounded split \u2014 no frame count limit\n ), {}\n return self.load_bytes(base64.b64decode(data))\n```\n\nThe `load_bytes()` path (line 47-48) properly delegates to a video loader that respects `self.num_frames` (default 32). The `load_base64(\"video/jpeg\", ...)` path bypasses this limit entirely \u2014 `data.split(\",\")` produces an unbounded list and every frame is decoded into a numpy array.\n\n### video/jpeg is part of vLLM\u0027s public API\n\n`video/jpeg` is a vLLM-specific MIME type, not IANA-registered. However it is part of the public API surface:\n\n- `encode_video_url()` at `vllm/multimodal/utils.py:96-108` generates `data:video/jpeg;base64,...` URLs\n- Official test suites at `tests/entrypoints/openai/test_video.py:62` and `tests/entrypoints/test_chat_utils.py:153` both use this format\n\n### Memory amplification\n\nEach JPEG frame decodes to a full numpy array. For 640x480 RGB images, each frame is ~921 KB decoded. 5000 frames = ~4.6 GB. `np.stack()` then creates an additional copy. The compressed JPEG payload is small (~100 KB for 5000 frames) but decompresses to gigabytes.\n\n### Data flow\n\n```\nPOST /v1/chat/completions\n \u2192 chat_utils.py:1434 video_url type \u2192 mm_parser.parse_video()\n \u2192 chat_utils.py:872 parse_video() \u2192 self._connector.fetch_video()\n \u2192 connector.py:295 fetch_video() \u2192 load_from_url(url, self.video_io)\n \u2192 connector.py:91 _load_data_url(): url_spec.path.split(\",\", 1)\n \u2192 media_type = \"video/jpeg\"\n \u2192 data = \"\u003cframe1\u003e,\u003cframe2\u003e,...,\u003cframe10000\u003e\"\n \u2192 connector.py:100 media_io.load_base64(\"video/jpeg\", data)\n \u2192 video.py:54 data.split(\",\") \u2190 UNBOUNDED\n \u2192 video.py:55-57 all frames decoded into numpy arrays\n \u2192 video.py:56 np.stack([...]) \u2190 massive combined array \u2192 OOM\n```\n\n`connector.py:91` uses `split(\",\", 1)` which splits on only the first comma. All remaining commas stay in `data` and are later split by `video.py:54`.\n\n### Comparison with existing protections\n\n| Code Path | Frame Limit | File |\n|-----------|-------------|------|\n| `load_bytes()` (binary video) | Yes \u2014 `num_frames` (default 32) | video.py:46-49 |\n| `load_base64(\"video/jpeg\", ...)` | No \u2014 unlimited `data.split(\",\")` | video.py:51-62 |",
"id": "GHSA-pq5c-rjhq-qp7p",
"modified": "2026-06-08T19:52:31Z",
"published": "2026-04-03T21:51:35Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pq5c-rjhq-qp7p"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34755"
},
{
"type": "WEB",
"url": "https://github.com/vllm-project/vllm/pull/38636"
},
{
"type": "WEB",
"url": "https://github.com/vllm-project/vllm/commit/58ee61422169ce17e08248f8efa1e9df434fe395"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2026-144.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/vllm-project/vllm"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "vLLM: Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing"
}
PYSEC-2026-144
Vulnerability from pysec - Published: 2026-04-06 16:16 - Updated: 2026-05-20 09:19vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64() method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num_frames parameter (default: 32), which is enforced by the load_bytes() code path, is completely bypassed in the video/jpeg base64 path. An attacker can send a single API request containing thousands of comma-separated base64-encoded JPEG frames, causing the server to decode all frames into memory and crash with OOM. This vulnerability is fixed in 0.19.0.
| Name | purl | vllm | pkg:pypi/vllm |
|---|
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "vllm",
"purl": "pkg:pypi/vllm"
},
"ranges": [
{
"events": [
{
"introduced": "0.7.0"
},
{
"fixed": "0.19.0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.10.0",
"0.10.1",
"0.10.1.1",
"0.10.2",
"0.11.0",
"0.11.1",
"0.11.2",
"0.12.0",
"0.13.0",
"0.14.0",
"0.14.1",
"0.15.0",
"0.15.1",
"0.16.0",
"0.17.0",
"0.17.1",
"0.18.0",
"0.18.1",
"0.7.0",
"0.7.1",
"0.7.2",
"0.7.3",
"0.8.0",
"0.8.1",
"0.8.2",
"0.8.3",
"0.8.4",
"0.8.5",
"0.8.5.post1",
"0.9.0",
"0.9.0.1",
"0.9.1",
"0.9.2"
]
}
],
"aliases": [
"CVE-2026-34755",
"GHSA-pq5c-rjhq-qp7p"
],
"details": "vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64() method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num_frames parameter (default: 32), which is enforced by the load_bytes() code path, is completely bypassed in the video/jpeg base64 path. An attacker can send a single API request containing thousands of comma-separated base64-encoded JPEG frames, causing the server to decode all frames into memory and crash with OOM. This vulnerability is fixed in 0.19.0.",
"id": "PYSEC-2026-144",
"modified": "2026-05-20T09:19:21.539785Z",
"published": "2026-04-06T16:16:36.463Z",
"references": [
{
"type": "FIX",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pq5c-rjhq-qp7p"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
RHSA-2026:36005
Vulnerability from csaf_redhat - Published: 2026-07-06 16:43 - Updated: 2026-07-08 06:40A flaw was found in giflib. A remote attacker can exploit a buffer overflow vulnerability in the EGifGCBToExtension function by providing a specially crafted Graphics Control Extension (GCE) block. This allows overwriting an existing GCE block without proper size validation, leading to a denial of service (DoS) on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64 | — |
Vendor Fix
fix
Workaround
|
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in vLLM, an inference and serving engine for large language models. A remote attacker can exploit a vulnerability in the VideoMediaIO.load_base64() method by sending a single API request containing a large number of comma-separated base64-encoded JPEG frames. This bypasses the intended frame count limit, causing the server to decode all frames into memory. This can lead to an Out-of-Memory (OOM) crash, resulting in a Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). An unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request with an excessively large 'n' parameter to the vLLM OpenAI-compatible API server. This can lead to a Denial of Service (DoS) by consuming excessive memory and blocking the system's event loop, causing the server to crash.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the `complete`, `guitabtooltip`, `printheader` options and the `mapset` function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). An unauthenticated attacker can exploit an assert-based security check during activation function loading. By publishing a malicious HuggingFace model, an attacker can achieve arbitrary code execution on the server when vLLM runs in Python optimized mode.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64 | — |
Vendor Fix
fix
|
A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64 | — |
Vendor Fix
fix
|
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). This vulnerability, residing in ASGI web servers and Starlette's trust in them, allows an attacker to bypass the OpenAI API Authentication Middleware. This bypass enables unauthorized access to the API without requiring the configured VLLM_API_KEY or --api-key, leading to critical unauthorized operations.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). The temperature validation gates, which use comparison operators, incorrectly handle Not-a-Number (NaN) and positive Infinity values in Python's IEEE 754 float semantics. These invalid values can bypass validation and propagate to GPU sampling kernels, leading to undefined behavior or CUDA errors that can crash the inference worker. This could allow an attacker to cause a Denial of Service (DoS) by providing specially crafted input.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Starlette where the request.form() method silently ignores configured resource limits (max_fields and max_part_size) when parsing application/x-www-form-urlencoded data. An unauthenticated attacker can exploit this by sending a urlencoded request body with an arbitrarily large number of fields or an oversized field, causing denial of service through resource exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AI Inference Server 3.2.2 (CUDA) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae AI Inference Server",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:36005",
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26740",
"url": "https://access.redhat.com/security/cve/CVE-2026-26740"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33845",
"url": "https://access.redhat.com/security/cve/CVE-2026-33845"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33846",
"url": "https://access.redhat.com/security/cve/CVE-2026-33846"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34755",
"url": "https://access.redhat.com/security/cve/CVE-2026-34755"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34756",
"url": "https://access.redhat.com/security/cve/CVE-2026-34756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34982",
"url": "https://access.redhat.com/security/cve/CVE-2026-34982"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41523",
"url": "https://access.redhat.com/security/cve/CVE-2026-41523"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42009",
"url": "https://access.redhat.com/security/cve/CVE-2026-42009"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42010",
"url": "https://access.redhat.com/security/cve/CVE-2026-42010"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48746",
"url": "https://access.redhat.com/security/cve/CVE-2026-48746"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-54235",
"url": "https://access.redhat.com/security/cve/CVE-2026-54235"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-54283",
"url": "https://access.redhat.com/security/cve/CVE-2026-54283"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/products/ai/inference-server",
"url": "https://www.redhat.com/en/products/ai/inference-server"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_36005.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AI Inference Server 3.2.2 (CUDA)",
"tracking": {
"current_release_date": "2026-07-08T06:40:54+00:00",
"generator": {
"date": "2026-07-08T06:40:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:36005",
"initial_release_date": "2026-07-06T16:43:22+00:00",
"revision_history": [
{
"date": "2026-07-06T16:43:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-06T16:43:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-08T06:40:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AI Inference Server 3.2",
"product": {
"name": "Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ai_inference_server:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat AI Inference Server"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"product": {
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"product_id": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vllm-cuda-rhel9@sha256%3A6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328?arch=amd64\u0026repository_url=registry.redhat.io/rhaiis/vllm-cuda-rhel9\u0026tag=1782951012"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64",
"product": {
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64",
"product_id": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/vllm-cuda-rhel9@sha256%3A9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf?arch=arm64\u0026repository_url=registry.redhat.io/rhaiis/vllm-cuda-rhel9\u0026tag=1782951012"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64 as a component of Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64"
},
"product_reference": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64 as a component of Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
},
"product_reference": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-26740",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-03-18T19:01:41.415027+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448747"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in giflib. A remote attacker can exploit a buffer overflow vulnerability in the EGifGCBToExtension function by providing a specially crafted Graphics Control Extension (GCE) block. This allows overwriting an existing GCE block without proper size validation, leading to a denial of service (DoS) on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The openjdk-headless packages do not include java.desktop, which is the only code that uses giflib. Therefore, headless-only environments are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26740"
},
{
"category": "external",
"summary": "RHBZ#2448747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448747"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26740",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26740"
},
{
"category": "external",
"summary": "https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md",
"url": "https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:43:22+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36005",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension"
},
{
"cve": "CVE-2026-33845",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"discovery_date": "2026-03-24T05:35:59.740000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue marked as Important severity due to its remote, pre-authentication reachability and its impact on a critical DTLS handshake parsing path. The vulnerability can be triggered by an unauthenticated attacker sending crafted DTLS handshake fragments, requiring no prior access or interaction. It leads to an out-of-bounds read caused by an integer underflow in fragment reassembly, operating entirely on attacker-controlled input. Such flaws in low-level protocol parsing are particularly serious, as they may result in disclosure of sensitive process memory, including cryptographic or session-related data, and can also cause reliable application crashes leading to denial of service. Given that DTLS is commonly used in network-facing services such as VPNs and real-time communication systems, the exposure surface is broad. The combination of unauthenticated remote exploitation, memory safety violation, and potential confidentiality and availability impact justifies classifying this issue as high severity rather than moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33845"
},
{
"category": "external",
"summary": "RHBZ#2450624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33845",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33845"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33845",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33845"
}
],
"release_date": "2026-04-30T17:28:41.473000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:43:22+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36005",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment"
},
{
"cve": "CVE-2026-33846",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2026-03-24T05:38:09.899000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450625"
}
],
"notes": [
{
"category": "description",
"text": "A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability should be classified as an important flaw rather than moderate because it exposes a pre-authentication, remotely reachable heap buffer overflow in the DTLS handshake processing path, which is part of the core protocol handling logic and commonly exposed in network-facing services. The flaw enables an attacker to inject controlled data at attacker-chosen offsets and sizes beyond allocated heap boundaries by exploiting inconsistent message_length handling across fragments, effectively creating a constrained but meaningful heap write primitive. Unlike benign memory safety bugs, this condition is deterministically triggerable with a small number of crafted packets and no environmental dependencies for denial-of-service, and it targets a long-lived parsing state where memory corruption can affect adjacent heap structures. Even if reliable code execution requires additional heap manipulation or layout knowledge, the combination of remote reachability, lack of authentication, controlled memory corruption capability, and trivial crashability significantly elevates the risk profile beyond moderate severity. In real-world deployments, such primitives are often sufficient to enable heap grooming and exploitation chains, particularly in services that repeatedly process attacker-controlled input, making this a materially important security flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33846"
},
{
"category": "external",
"summary": "RHBZ#2450625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450625"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33846",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33846"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33846",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33846"
}
],
"release_date": "2026-05-04T08:53:59.249000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:43:22+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36005",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly"
},
{
"cve": "CVE-2026-34755",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-06T16:02:21.718949+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455403"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models. A remote attacker can exploit a vulnerability in the VideoMediaIO.load_base64() method by sending a single API request containing a large number of comma-separated base64-encoded JPEG frames. This bypasses the intended frame count limit, causing the server to decode all frames into memory. This can lead to an Out-of-Memory (OOM) crash, resulting in a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vLLM: vLLM: Denial of Service due to excessive video frame processing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34755"
},
{
"category": "external",
"summary": "RHBZ#2455403",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455403"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34755",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34755"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34755",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34755"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pq5c-rjhq-qp7p",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pq5c-rjhq-qp7p"
}
],
"release_date": "2026-04-06T15:38:53.201000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:43:22+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36005",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vLLM: vLLM: Denial of Service due to excessive video frame processing"
},
{
"cve": "CVE-2026-34756",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-04-06T16:03:45.222577+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455425"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). An unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request with an excessively large \u0027n\u0027 parameter to the vLLM OpenAI-compatible API server. This can lead to a Denial of Service (DoS) by consuming excessive memory and blocking the system\u0027s event loop, causing the server to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM: Denial of Service via excessively large \u0027n\u0027 parameter in OpenAI-compatible API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34756"
},
{
"category": "external",
"summary": "RHBZ#2455425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455425"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34756",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34756"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/b111f8a61f100fdca08706f41f29ef3548de7380",
"url": "https://github.com/vllm-project/vllm/commit/b111f8a61f100fdca08706f41f29ef3548de7380"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/37952",
"url": "https://github.com/vllm-project/vllm/pull/37952"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-3mwp-wvh9-7528",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-3mwp-wvh9-7528"
}
],
"release_date": "2026-04-06T15:40:03.448000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:43:22+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36005",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: vLLM: Denial of Service via excessively large \u0027n\u0027 parameter in OpenAI-compatible API"
},
{
"cve": "CVE-2026-34982",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-04-06T16:02:10.004743+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455400"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the `complete`, `guitabtooltip`, `printheader` options and the `mapset` function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: arbitrary command execution via modeline sandbox bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this vulnerability, an attacker needs to convince a user to open a specially crafted file. The arbitrary OS command execution is restricted to the privileges of the user running Vim, limiting the potential of a full system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34982"
},
{
"category": "external",
"summary": "RHBZ#2455400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455400"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34982",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34982"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34982",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34982"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/01/1",
"url": "http://www.openwall.com/lists/oss-security/2026/04/01/1"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615",
"url": "https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/releases/tag/v9.2.0276",
"url": "https://github.com/vim/vim/releases/tag/v9.2.0276"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9",
"url": "https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9"
}
],
"release_date": "2026-04-06T15:16:48.809000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:43:22+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36005",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the modeline support by adding the following command to the Vim configuration file:\n\n~~~\nset nomodeline\n~~~",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vim: arbitrary command execution via modeline sandbox bypass"
},
{
"cve": "CVE-2026-41523",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2026-06-22T23:01:00.799590+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2491582"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). An unauthenticated attacker can exploit an assert-based security check during activation function loading. By publishing a malicious HuggingFace model, an attacker can achieve arbitrary code execution on the server when vLLM runs in Python optimized mode.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM: Arbitrary code execution via malicious HuggingFace model",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this issue as having Important impact for Red Hat AI Inference Server and Red Hat OpenShift AI vLLM serving images, and Moderate impact for Red Hat Enterprise Linux AI bootc images that bundle vLLM. Exploitation requires loading an untrusted HuggingFace cross-encoder model while the vLLM process runs with Python optimized mode (python -O or PYTHONOPTIMIZE=1). Red Hat AI Inference Server 3.2/3.3 images and other components without the vulnerable pooler activation loader (vLLM \u003c 0.14.0) are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41523"
},
{
"category": "external",
"summary": "RHBZ#2491582",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491582"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41523",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41523"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41523",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41523"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/b3c7ffcab82c2439726f8cb213800f6f38c023d3",
"url": "https://github.com/vllm-project/vllm/commit/b3c7ffcab82c2439726f8cb213800f6f38c023d3"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-q8gq-377p-jq3r",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-q8gq-377p-jq3r"
},
{
"category": "external",
"summary": "https://huntr.com/bounties/dcb05b04-e625-41e7-adbc-bbae0cc2d64c",
"url": "https://huntr.com/bounties/dcb05b04-e625-41e7-adbc-bbae0cc2d64c"
}
],
"release_date": "2026-06-22T22:18:14.494000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:43:22+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36005",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"category": "workaround",
"details": "Avoid running vLLM with python -O or PYTHONOPTIMIZE=1 until updated packages are available. Only load models from trusted sources. Restrict who can deploy or update models on inference endpoints. Apply network access controls and authentication in front of vLLM APIs.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: vLLM: Arbitrary code execution via malicious HuggingFace model"
},
{
"acknowledgments": [
{
"names": [
"Joshua Rogers"
],
"organization": "AISLE Research Team"
}
],
"cve": "CVE-2026-42009",
"cwe": {
"id": "CWE-475",
"name": "Undefined Behavior for Input to API"
},
"discovery_date": "2026-05-06T16:32:32.382000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467279"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact for this flaw has been downgraded on Red Hat Enterprise Linux due to the following reason:\n\n- The number of elements passed to the vulnerable function at runtime is known and is at most 6 and the element size is sufficiently small. glibc\u2019s qsort implementation will not exercise the quick sort code path, which would otherwise cause an infloop or out-of-bound write.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42009"
},
{
"category": "external",
"summary": "RHBZ#2467279",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467279"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42009",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42009"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42009",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42009"
},
{
"category": "external",
"summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-2",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-2"
}
],
"release_date": "2026-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:43:22+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36005",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Joshua Rogers"
],
"organization": "AISLE Research Team"
}
],
"cve": "CVE-2026-42010",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"discovery_date": "2026-05-06T16:57:37.044000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467289"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest\u2013Shamir\u2013Adleman \u2013 Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: gnutls: Authentication Bypass via NUL Character in Username",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42010"
},
{
"category": "external",
"summary": "RHBZ#2467289",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467289"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42010",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42010"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42010",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42010"
},
{
"category": "external",
"summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-4",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-4"
}
],
"release_date": "2026-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:43:22+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36005",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: gnutls: Authentication Bypass via NUL Character in Username"
},
{
"cve": "CVE-2026-48746",
"cwe": {
"id": "CWE-501",
"name": "Trust Boundary Violation"
},
"discovery_date": "2026-06-22T23:00:57.824402+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2491581"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). This vulnerability, residing in ASGI web servers and Starlette\u0027s trust in them, allows an attacker to bypass the OpenAI API Authentication Middleware. This bypass enables unauthorized access to the API without requiring the configured VLLM_API_KEY or --api-key, leading to critical unauthorized operations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: starlette: vLLM: Critical authentication bypass allows unauthorized API access",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2026-48746 is an authentication bypass in the vLLM OpenAI-compatible API server. A remote attacker who can reach the vLLM endpoint directly can craft a Host header so the authentication middleware checks a different URL path than the one actually dispatched, bypassing VLLM_API_KEY / --api-key protection. Successful exploitation allows unauthorized inference API access, which can result in confidentiality loss (model/prompt abuse) and availability impact (resource exhaustion). The flaw does not provide integrity compromise or arbitrary code execution. Exploitation requires vLLM API-key authentication to be enabled and the service to be exposed without an RFC-conforming reverse proxy that normalizes the Host header. Because Red Hat AI inference offerings are commonly deployed behind OpenShift Routes or similar proxies, and because the vulnerability is conditional on deployment and configuration, the overall flaw impact is rated Important rather than Critical.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48746"
},
{
"category": "external",
"summary": "RHBZ#2491581",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491581"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48746",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48746"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48746",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48746"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/43426",
"url": "https://github.com/vllm-project/vllm/pull/43426"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-94f4-hr76-p5j6",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-94f4-hr76-p5j6"
},
{
"category": "external",
"summary": "https://x41-dsec.de/lab/advisories/x41-2026-002-starlette",
"url": "https://x41-dsec.de/lab/advisories/x41-2026-002-starlette"
}
],
"release_date": "2026-06-22T21:57:28.997000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:43:22+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36005",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"category": "workaround",
"details": "Restrict network access to the vLLM API endpoint to only trusted clients and internal networks. Implement firewall rules or network policies to limit inbound connections to the vLLM service, thereby reducing the attack surface. This operational control helps prevent unauthorized external access to the vulnerable API.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: starlette: vLLM: Critical authentication bypass allows unauthorized API access"
},
{
"cve": "CVE-2026-54235",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-06-22T23:01:07.102249+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2491584"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). The temperature validation gates, which use comparison operators, incorrectly handle Not-a-Number (NaN) and positive Infinity values in Python\u0027s IEEE 754 float semantics. These invalid values can bypass validation and propagate to GPU sampling kernels, leading to undefined behavior or CUDA errors that can crash the inference worker. This could allow an attacker to cause a Denial of Service (DoS) by providing specially crafted input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM: Denial of Service due to improper floating-point validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate impact flaw in vLLM, as used in Red Hat AI Inference Server, Red Hat OpenShift AI, and Red Hat Enterprise Linux AI, allows for a denial of service. Improper validation of floating-point values like Not-a-Number (NaN) or positive Infinity in temperature parameters can bypass security checks, leading to undefined behavior or CUDA errors that crash the inference worker. This could be exploited by providing specially crafted input to the LLM inference engine.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-54235"
},
{
"category": "external",
"summary": "RHBZ#2491584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491584"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-54235",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-54235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-54235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54235"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/d598d239737cfa37bcfcb98886ec3f3557fc7198",
"url": "https://github.com/vllm-project/vllm/commit/d598d239737cfa37bcfcb98886ec3f3557fc7198"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/45116",
"url": "https://github.com/vllm-project/vllm/pull/45116"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-7h4p-rffg-7823",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-7h4p-rffg-7823"
}
],
"release_date": "2026-06-22T21:59:02.710000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:43:22+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36005",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vllm: vLLM: Denial of Service due to improper floating-point validation"
},
{
"cve": "CVE-2026-54283",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-22T18:01:06.194658+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2491440"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Starlette where the request.form() method silently ignores configured resource limits (max_fields and max_part_size) when parsing application/x-www-form-urlencoded data. An unauthenticated attacker can exploit this by sending a urlencoded request body with an arbitrarily large number of fields or an oversized field, causing denial of service through resource exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "starlette: Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in Starlette where the request.form() method silently ignores configured resource limits (max_fields and max_part_size) when parsing application/x-www-form-urlencoded data. An unauthenticated attacker can exploit this by sending a urlencoded request body with an arbitrarily large number of fields or an oversized field, causing denial of service through resource exhaustion. This only affects applications that explicitly call request.form() on urlencoded input; JSON-only APIs and services where Starlette is a transitive dependency not used for form parsing are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-54283"
},
{
"category": "external",
"summary": "RHBZ#2491440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491440"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-54283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-54283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-54283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54283"
},
{
"category": "external",
"summary": "https://github.com/Kludex/starlette/security/advisories/GHSA-82w8-qh3p-5jfq",
"url": "https://github.com/Kludex/starlette/security/advisories/GHSA-82w8-qh3p-5jfq"
}
],
"release_date": "2026-06-22T16:46:16.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:43:22+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36005",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:6b93986199cc8e02e9672374938a2aac7b7452d1bf7d1a8a6445bfe1940f6328_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:9533230dd9b2ab392c96f4e8a556ddbebf0be308befdf92691dc7e228da361bf_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "starlette: Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS"
}
]
}
RHSA-2026:36006
Vulnerability from csaf_redhat - Published: 2026-07-06 16:44 - Updated: 2026-07-08 06:40A flaw was found in giflib. A remote attacker can exploit a buffer overflow vulnerability in the EGifGCBToExtension function by providing a specially crafted Graphics Control Extension (GCE) block. This allows overwriting an existing GCE block without proper size validation, leading to a denial of service (DoS) on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64 | — |
Vendor Fix
fix
Workaround
|
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in vLLM, an inference and serving engine for large language models. A remote attacker can exploit a vulnerability in the VideoMediaIO.load_base64() method by sending a single API request containing a large number of comma-separated base64-encoded JPEG frames. This bypasses the intended frame count limit, causing the server to decode all frames into memory. This can lead to an Out-of-Memory (OOM) crash, resulting in a Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). An unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request with an excessively large 'n' parameter to the vLLM OpenAI-compatible API server. This can lead to a Denial of Service (DoS) by consuming excessive memory and blocking the system's event loop, causing the server to crash.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the `complete`, `guitabtooltip`, `printheader` options and the `mapset` function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). An unauthenticated attacker can exploit an assert-based security check during activation function loading. By publishing a malicious HuggingFace model, an attacker can achieve arbitrary code execution on the server when vLLM runs in Python optimized mode.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64 | — |
Vendor Fix
fix
|
A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64 | — |
Vendor Fix
fix
|
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). This vulnerability, residing in ASGI web servers and Starlette's trust in them, allows an attacker to bypass the OpenAI API Authentication Middleware. This bypass enables unauthorized access to the API without requiring the configured VLLM_API_KEY or --api-key, leading to critical unauthorized operations.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). The temperature validation gates, which use comparison operators, incorrectly handle Not-a-Number (NaN) and positive Infinity values in Python's IEEE 754 float semantics. These invalid values can bypass validation and propagate to GPU sampling kernels, leading to undefined behavior or CUDA errors that can crash the inference worker. This could allow an attacker to cause a Denial of Service (DoS) by providing specially crafted input.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Starlette where the request.form() method silently ignores configured resource limits (max_fields and max_part_size) when parsing application/x-www-form-urlencoded data. An unauthenticated attacker can exploit this by sending a urlencoded request body with an arbitrarily large number of fields or an oversized field, causing denial of service through resource exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AI Inference Server 3.2.2 (ROCm) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae AI Inference Server",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:36006",
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26740",
"url": "https://access.redhat.com/security/cve/CVE-2026-26740"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33845",
"url": "https://access.redhat.com/security/cve/CVE-2026-33845"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33846",
"url": "https://access.redhat.com/security/cve/CVE-2026-33846"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34755",
"url": "https://access.redhat.com/security/cve/CVE-2026-34755"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34756",
"url": "https://access.redhat.com/security/cve/CVE-2026-34756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34982",
"url": "https://access.redhat.com/security/cve/CVE-2026-34982"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41523",
"url": "https://access.redhat.com/security/cve/CVE-2026-41523"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42009",
"url": "https://access.redhat.com/security/cve/CVE-2026-42009"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42010",
"url": "https://access.redhat.com/security/cve/CVE-2026-42010"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48746",
"url": "https://access.redhat.com/security/cve/CVE-2026-48746"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-54235",
"url": "https://access.redhat.com/security/cve/CVE-2026-54235"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-54283",
"url": "https://access.redhat.com/security/cve/CVE-2026-54283"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/products/ai/inference-server",
"url": "https://www.redhat.com/en/products/ai/inference-server"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_36006.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AI Inference Server 3.2.2 (ROCm)",
"tracking": {
"current_release_date": "2026-07-08T06:40:54+00:00",
"generator": {
"date": "2026-07-08T06:40:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:36006",
"initial_release_date": "2026-07-06T16:44:03+00:00",
"revision_history": [
{
"date": "2026-07-06T16:44:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-06T16:44:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-08T06:40:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AI Inference Server 3.2",
"product": {
"name": "Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ai_inference_server:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat AI Inference Server"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64",
"product": {
"name": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64",
"product_id": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vllm-rocm-rhel9@sha256%3A7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f?arch=amd64\u0026repository_url=registry.redhat.io/rhaiis/vllm-rocm-rhel9\u0026tag=1782951244"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64 as a component of Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
},
"product_reference": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-26740",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-03-18T19:01:41.415027+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448747"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in giflib. A remote attacker can exploit a buffer overflow vulnerability in the EGifGCBToExtension function by providing a specially crafted Graphics Control Extension (GCE) block. This allows overwriting an existing GCE block without proper size validation, leading to a denial of service (DoS) on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The openjdk-headless packages do not include java.desktop, which is the only code that uses giflib. Therefore, headless-only environments are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26740"
},
{
"category": "external",
"summary": "RHBZ#2448747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448747"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26740",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26740"
},
{
"category": "external",
"summary": "https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md",
"url": "https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:44:03+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36006",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension"
},
{
"cve": "CVE-2026-33845",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"discovery_date": "2026-03-24T05:35:59.740000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue marked as Important severity due to its remote, pre-authentication reachability and its impact on a critical DTLS handshake parsing path. The vulnerability can be triggered by an unauthenticated attacker sending crafted DTLS handshake fragments, requiring no prior access or interaction. It leads to an out-of-bounds read caused by an integer underflow in fragment reassembly, operating entirely on attacker-controlled input. Such flaws in low-level protocol parsing are particularly serious, as they may result in disclosure of sensitive process memory, including cryptographic or session-related data, and can also cause reliable application crashes leading to denial of service. Given that DTLS is commonly used in network-facing services such as VPNs and real-time communication systems, the exposure surface is broad. The combination of unauthenticated remote exploitation, memory safety violation, and potential confidentiality and availability impact justifies classifying this issue as high severity rather than moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33845"
},
{
"category": "external",
"summary": "RHBZ#2450624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33845",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33845"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33845",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33845"
}
],
"release_date": "2026-04-30T17:28:41.473000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:44:03+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36006",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment"
},
{
"cve": "CVE-2026-33846",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2026-03-24T05:38:09.899000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450625"
}
],
"notes": [
{
"category": "description",
"text": "A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability should be classified as an important flaw rather than moderate because it exposes a pre-authentication, remotely reachable heap buffer overflow in the DTLS handshake processing path, which is part of the core protocol handling logic and commonly exposed in network-facing services. The flaw enables an attacker to inject controlled data at attacker-chosen offsets and sizes beyond allocated heap boundaries by exploiting inconsistent message_length handling across fragments, effectively creating a constrained but meaningful heap write primitive. Unlike benign memory safety bugs, this condition is deterministically triggerable with a small number of crafted packets and no environmental dependencies for denial-of-service, and it targets a long-lived parsing state where memory corruption can affect adjacent heap structures. Even if reliable code execution requires additional heap manipulation or layout knowledge, the combination of remote reachability, lack of authentication, controlled memory corruption capability, and trivial crashability significantly elevates the risk profile beyond moderate severity. In real-world deployments, such primitives are often sufficient to enable heap grooming and exploitation chains, particularly in services that repeatedly process attacker-controlled input, making this a materially important security flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33846"
},
{
"category": "external",
"summary": "RHBZ#2450625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450625"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33846",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33846"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33846",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33846"
}
],
"release_date": "2026-05-04T08:53:59.249000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:44:03+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36006",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly"
},
{
"cve": "CVE-2026-34755",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-06T16:02:21.718949+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455403"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models. A remote attacker can exploit a vulnerability in the VideoMediaIO.load_base64() method by sending a single API request containing a large number of comma-separated base64-encoded JPEG frames. This bypasses the intended frame count limit, causing the server to decode all frames into memory. This can lead to an Out-of-Memory (OOM) crash, resulting in a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vLLM: vLLM: Denial of Service due to excessive video frame processing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34755"
},
{
"category": "external",
"summary": "RHBZ#2455403",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455403"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34755",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34755"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34755",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34755"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pq5c-rjhq-qp7p",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pq5c-rjhq-qp7p"
}
],
"release_date": "2026-04-06T15:38:53.201000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:44:03+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36006",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vLLM: vLLM: Denial of Service due to excessive video frame processing"
},
{
"cve": "CVE-2026-34756",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-04-06T16:03:45.222577+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455425"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). An unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request with an excessively large \u0027n\u0027 parameter to the vLLM OpenAI-compatible API server. This can lead to a Denial of Service (DoS) by consuming excessive memory and blocking the system\u0027s event loop, causing the server to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM: Denial of Service via excessively large \u0027n\u0027 parameter in OpenAI-compatible API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34756"
},
{
"category": "external",
"summary": "RHBZ#2455425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455425"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34756",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34756"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/b111f8a61f100fdca08706f41f29ef3548de7380",
"url": "https://github.com/vllm-project/vllm/commit/b111f8a61f100fdca08706f41f29ef3548de7380"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/37952",
"url": "https://github.com/vllm-project/vllm/pull/37952"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-3mwp-wvh9-7528",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-3mwp-wvh9-7528"
}
],
"release_date": "2026-04-06T15:40:03.448000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:44:03+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36006",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: vLLM: Denial of Service via excessively large \u0027n\u0027 parameter in OpenAI-compatible API"
},
{
"cve": "CVE-2026-34982",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-04-06T16:02:10.004743+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455400"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the `complete`, `guitabtooltip`, `printheader` options and the `mapset` function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: arbitrary command execution via modeline sandbox bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this vulnerability, an attacker needs to convince a user to open a specially crafted file. The arbitrary OS command execution is restricted to the privileges of the user running Vim, limiting the potential of a full system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34982"
},
{
"category": "external",
"summary": "RHBZ#2455400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455400"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34982",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34982"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34982",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34982"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/01/1",
"url": "http://www.openwall.com/lists/oss-security/2026/04/01/1"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615",
"url": "https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/releases/tag/v9.2.0276",
"url": "https://github.com/vim/vim/releases/tag/v9.2.0276"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9",
"url": "https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9"
}
],
"release_date": "2026-04-06T15:16:48.809000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:44:03+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36006",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the modeline support by adding the following command to the Vim configuration file:\n\n~~~\nset nomodeline\n~~~",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vim: arbitrary command execution via modeline sandbox bypass"
},
{
"cve": "CVE-2026-41523",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2026-06-22T23:01:00.799590+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2491582"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). An unauthenticated attacker can exploit an assert-based security check during activation function loading. By publishing a malicious HuggingFace model, an attacker can achieve arbitrary code execution on the server when vLLM runs in Python optimized mode.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM: Arbitrary code execution via malicious HuggingFace model",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this issue as having Important impact for Red Hat AI Inference Server and Red Hat OpenShift AI vLLM serving images, and Moderate impact for Red Hat Enterprise Linux AI bootc images that bundle vLLM. Exploitation requires loading an untrusted HuggingFace cross-encoder model while the vLLM process runs with Python optimized mode (python -O or PYTHONOPTIMIZE=1). Red Hat AI Inference Server 3.2/3.3 images and other components without the vulnerable pooler activation loader (vLLM \u003c 0.14.0) are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41523"
},
{
"category": "external",
"summary": "RHBZ#2491582",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491582"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41523",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41523"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41523",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41523"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/b3c7ffcab82c2439726f8cb213800f6f38c023d3",
"url": "https://github.com/vllm-project/vllm/commit/b3c7ffcab82c2439726f8cb213800f6f38c023d3"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-q8gq-377p-jq3r",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-q8gq-377p-jq3r"
},
{
"category": "external",
"summary": "https://huntr.com/bounties/dcb05b04-e625-41e7-adbc-bbae0cc2d64c",
"url": "https://huntr.com/bounties/dcb05b04-e625-41e7-adbc-bbae0cc2d64c"
}
],
"release_date": "2026-06-22T22:18:14.494000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:44:03+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36006",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
},
{
"category": "workaround",
"details": "Avoid running vLLM with python -O or PYTHONOPTIMIZE=1 until updated packages are available. Only load models from trusted sources. Restrict who can deploy or update models on inference endpoints. Apply network access controls and authentication in front of vLLM APIs.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: vLLM: Arbitrary code execution via malicious HuggingFace model"
},
{
"acknowledgments": [
{
"names": [
"Joshua Rogers"
],
"organization": "AISLE Research Team"
}
],
"cve": "CVE-2026-42009",
"cwe": {
"id": "CWE-475",
"name": "Undefined Behavior for Input to API"
},
"discovery_date": "2026-05-06T16:32:32.382000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467279"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact for this flaw has been downgraded on Red Hat Enterprise Linux due to the following reason:\n\n- The number of elements passed to the vulnerable function at runtime is known and is at most 6 and the element size is sufficiently small. glibc\u2019s qsort implementation will not exercise the quick sort code path, which would otherwise cause an infloop or out-of-bound write.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42009"
},
{
"category": "external",
"summary": "RHBZ#2467279",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467279"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42009",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42009"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42009",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42009"
},
{
"category": "external",
"summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-2",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-2"
}
],
"release_date": "2026-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:44:03+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36006",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Joshua Rogers"
],
"organization": "AISLE Research Team"
}
],
"cve": "CVE-2026-42010",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"discovery_date": "2026-05-06T16:57:37.044000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467289"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest\u2013Shamir\u2013Adleman \u2013 Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: gnutls: Authentication Bypass via NUL Character in Username",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42010"
},
{
"category": "external",
"summary": "RHBZ#2467289",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467289"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42010",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42010"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42010",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42010"
},
{
"category": "external",
"summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-4",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-4"
}
],
"release_date": "2026-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:44:03+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36006",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: gnutls: Authentication Bypass via NUL Character in Username"
},
{
"cve": "CVE-2026-48746",
"cwe": {
"id": "CWE-501",
"name": "Trust Boundary Violation"
},
"discovery_date": "2026-06-22T23:00:57.824402+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2491581"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). This vulnerability, residing in ASGI web servers and Starlette\u0027s trust in them, allows an attacker to bypass the OpenAI API Authentication Middleware. This bypass enables unauthorized access to the API without requiring the configured VLLM_API_KEY or --api-key, leading to critical unauthorized operations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: starlette: vLLM: Critical authentication bypass allows unauthorized API access",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2026-48746 is an authentication bypass in the vLLM OpenAI-compatible API server. A remote attacker who can reach the vLLM endpoint directly can craft a Host header so the authentication middleware checks a different URL path than the one actually dispatched, bypassing VLLM_API_KEY / --api-key protection. Successful exploitation allows unauthorized inference API access, which can result in confidentiality loss (model/prompt abuse) and availability impact (resource exhaustion). The flaw does not provide integrity compromise or arbitrary code execution. Exploitation requires vLLM API-key authentication to be enabled and the service to be exposed without an RFC-conforming reverse proxy that normalizes the Host header. Because Red Hat AI inference offerings are commonly deployed behind OpenShift Routes or similar proxies, and because the vulnerability is conditional on deployment and configuration, the overall flaw impact is rated Important rather than Critical.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48746"
},
{
"category": "external",
"summary": "RHBZ#2491581",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491581"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48746",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48746"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48746",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48746"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/43426",
"url": "https://github.com/vllm-project/vllm/pull/43426"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-94f4-hr76-p5j6",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-94f4-hr76-p5j6"
},
{
"category": "external",
"summary": "https://x41-dsec.de/lab/advisories/x41-2026-002-starlette",
"url": "https://x41-dsec.de/lab/advisories/x41-2026-002-starlette"
}
],
"release_date": "2026-06-22T21:57:28.997000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:44:03+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36006",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
},
{
"category": "workaround",
"details": "Restrict network access to the vLLM API endpoint to only trusted clients and internal networks. Implement firewall rules or network policies to limit inbound connections to the vLLM service, thereby reducing the attack surface. This operational control helps prevent unauthorized external access to the vulnerable API.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: starlette: vLLM: Critical authentication bypass allows unauthorized API access"
},
{
"cve": "CVE-2026-54235",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-06-22T23:01:07.102249+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2491584"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). The temperature validation gates, which use comparison operators, incorrectly handle Not-a-Number (NaN) and positive Infinity values in Python\u0027s IEEE 754 float semantics. These invalid values can bypass validation and propagate to GPU sampling kernels, leading to undefined behavior or CUDA errors that can crash the inference worker. This could allow an attacker to cause a Denial of Service (DoS) by providing specially crafted input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM: Denial of Service due to improper floating-point validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate impact flaw in vLLM, as used in Red Hat AI Inference Server, Red Hat OpenShift AI, and Red Hat Enterprise Linux AI, allows for a denial of service. Improper validation of floating-point values like Not-a-Number (NaN) or positive Infinity in temperature parameters can bypass security checks, leading to undefined behavior or CUDA errors that crash the inference worker. This could be exploited by providing specially crafted input to the LLM inference engine.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-54235"
},
{
"category": "external",
"summary": "RHBZ#2491584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491584"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-54235",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-54235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-54235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54235"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/d598d239737cfa37bcfcb98886ec3f3557fc7198",
"url": "https://github.com/vllm-project/vllm/commit/d598d239737cfa37bcfcb98886ec3f3557fc7198"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/45116",
"url": "https://github.com/vllm-project/vllm/pull/45116"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-7h4p-rffg-7823",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-7h4p-rffg-7823"
}
],
"release_date": "2026-06-22T21:59:02.710000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:44:03+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36006",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vllm: vLLM: Denial of Service due to improper floating-point validation"
},
{
"cve": "CVE-2026-54283",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-22T18:01:06.194658+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2491440"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Starlette where the request.form() method silently ignores configured resource limits (max_fields and max_part_size) when parsing application/x-www-form-urlencoded data. An unauthenticated attacker can exploit this by sending a urlencoded request body with an arbitrarily large number of fields or an oversized field, causing denial of service through resource exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "starlette: Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in Starlette where the request.form() method silently ignores configured resource limits (max_fields and max_part_size) when parsing application/x-www-form-urlencoded data. An unauthenticated attacker can exploit this by sending a urlencoded request body with an arbitrarily large number of fields or an oversized field, causing denial of service through resource exhaustion. This only affects applications that explicitly call request.form() on urlencoded input; JSON-only APIs and services where Starlette is a transitive dependency not used for form parsing are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-54283"
},
{
"category": "external",
"summary": "RHBZ#2491440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491440"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-54283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-54283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-54283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54283"
},
{
"category": "external",
"summary": "https://github.com/Kludex/starlette/security/advisories/GHSA-82w8-qh3p-5jfq",
"url": "https://github.com/Kludex/starlette/security/advisories/GHSA-82w8-qh3p-5jfq"
}
],
"release_date": "2026-06-22T16:46:16.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T16:44:03+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:36006",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:7e61f6b8bbdf8c1e0b04de9ee6cfe0b6ff493a5bd4ad5dc52de2c308d2389d0f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "starlette: Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS"
}
]
}
WID-SEC-W-2026-0987
Vulnerability from csaf_certbund - Published: 2026-04-07 22:00 - Updated: 2026-04-07 22:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source vllm <0.19.0
Open Source / vllm
|
<0.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source vllm <0.19.0
Open Source / vllm
|
<0.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source vllm <0.19.0
Open Source / vllm
|
<0.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source vllm <0.19.0
Open Source / vllm
|
<0.19.0 |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Open Source vLLM ist eine Open-Source-Bibliothek f\u00fcr schnelle und effiziente Inferenz von Large Language Models (LLMs).",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in vllm ausnutzen, um Dateien zu manipulieren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0987 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0987.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0987 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0987"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-pf3h-qjgv-vcpr vom 2026-04-07",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pf3h-qjgv-vcpr"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-pq5c-rjhq-qp7p vom 2026-04-07",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pq5c-rjhq-qp7p"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-3mwp-wvh9-7528 vom 2026-04-07",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-3mwp-wvh9-7528"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-6c4r-fmh3-7rh8 vom 2026-04-07",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-6c4r-fmh3-7rh8"
},
{
"category": "external",
"summary": "vllm releases vom 2026-04-07",
"url": "https://github.com/vllm-project/vllm/releases"
}
],
"source_lang": "en-US",
"title": "vllm: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-04-07T22:00:00.000+00:00",
"generator": {
"date": "2026-04-08T09:54:21.440+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0987",
"initial_release_date": "2026-04-07T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-04-07T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c0.19.0",
"product": {
"name": "Open Source vllm \u003c0.19.0",
"product_id": "T052442"
}
},
{
"category": "product_version",
"name": "0.19.0",
"product": {
"name": "Open Source vllm 0.19.0",
"product_id": "T052442-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vllm:vllm:0.19.0"
}
}
}
],
"category": "product_name",
"name": "vllm"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-34753",
"product_status": {
"known_affected": [
"T052442"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-34753"
},
{
"cve": "CVE-2026-34755",
"product_status": {
"known_affected": [
"T052442"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-34755"
},
{
"cve": "CVE-2026-34756",
"product_status": {
"known_affected": [
"T052442"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-34756"
},
{
"cve": "CVE-2026-34760",
"product_status": {
"known_affected": [
"T052442"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-34760"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.