SB2026040407 - Two vulnerabilities in vLLM

Published: April 4, 2026

Security Bulletin ID SB2026040407
Severity
High
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 50% Low 50%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Interpretation Conflict (CVE-ID: CVE-2026-34760)

The vulnerability allows a remote user to manipulate audio model processing results.

The vulnerability exists due to improper algorithm implementation in the audio downmixing functionality when processing specially crafted multichannel audio input. A remote user can supply a specially crafted multichannel audio file with interference signals or hidden content in unsupported channels to manipulate audio model processing results.

This issue stems from the difference between Librosa's mono downmixing behavior (a plain mean over all channels) and the ITU-R BS.775-4 weighted downmixing standard, so the audio a human hears and the audio the AI model processes can differ. The advisory notes that the LFE channel and channels beyond the sixth may be used to affect speech recognition, content moderation, or voice authentication outcomes.
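As an added illustration, not part of the bulletin or of vLLM's code, the following contrasts a plain-mean mono downmix with a BS.775-style weighted downmix and adds a check that flags energy in channels the standard never folds into the mix. The 5.1 channel order (L, R, C, LFE, Ls, Rs), the -3 dB coefficients and the constructed 8-channel clip are assumptions stated in the comments.

```python
import math

# Assumed 5.1 channel order (WAV/SMPTE): L, R, C, LFE, Ls, Rs.
# BS.775 folds C and the surrounds down at -3 dB (1/sqrt 2) and drops LFE;
# channels beyond the sixth have no defined role and are ignored.
ATT = 1.0 / math.sqrt(2.0)
BS775_MONO_WEIGHTS = [1.0, 1.0, ATT, 0.0, ATT, ATT]


def naive_mono(frames):
    """Librosa-style mono: the plain mean of every channel, LFE and extras included."""
    return [sum(frame) / len(frame) for frame in frames]


def bs775_mono(frames):
    """Weighted mono downmix of the first six channels, normalised to unit gain."""
    norm = sum(BS775_MONO_WEIGHTS)
    return [sum(w * x for w, x in zip(BS775_MONO_WEIGHTS, frame[:6])) / norm
            for frame in frames]


def suspicious_channels(frames, rms_threshold=1e-3):
    """Indexes of channels a listener never hears in the standard downmix
    (LFE, and anything past channel 6) that nevertheless carry energy."""
    flagged = []
    for ch in range(len(frames[0])):
        audible = ch < 6 and BS775_MONO_WEIGHTS[ch] != 0.0
        if audible:
            continue
        rms = math.sqrt(sum(frame[ch] ** 2 for frame in frames) / len(frames))
        if rms > rms_threshold:
            flagged.append(ch)
    return flagged


def constructed_clip(n=480, channels=8):
    """Constructed 8-channel clip at 48 kHz: main channels silent,
    a 1 kHz tone present only in LFE (ch 3) and the undefined channels 6 and 7."""
    frames = []
    for i in range(n):
        tone = 0.5 * math.sin(2 * math.pi * 1000 * i / 48000)
        frame = [0.0] * channels
        for ch in (3, 6, 7):
            frame[ch] = tone
        frames.append(frame)
    return frames


if __name__ == "__main__":
    clip = constructed_clip()
    print("naive peak:", max(abs(x) for x in naive_mono(clip)))   # model input is non-silent
    print("bs775 peak:", max(abs(x) for x in bs775_mono(clip)))   # listener hears silence
    print("flagged   :", suspicious_channels(clip))               # [3, 6, 7]
```

A pre-processing step that rejects or zeroes the flagged channels before the model sees the audio keeps what the model processes aligned with what a listener would hear.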


2) Protection Mechanism Failure (CVE-ID: CVE-2026-27893)

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to protection mechanism failure in NemotronVL and KimiK25 model implementation files when loading model sub-components from a malicious model repository. A remote attacker can supply a malicious model repository to execute arbitrary code.

User interaction is required because the malicious model must be loaded by vLLM. The issue bypasses the user's explicit trust_remote_code=false security opt-out by hardcoding trust_remote_code=true in the affected code paths.


Remediation

Install the update from the vendor's website.