SB2026050122 - Multiple vulnerabilities in vLLM
Published: May 1, 2026
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Deserialization of Untrusted Data (CVE-ID: CVE-2025-32434)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient input validation when processing serialized data while loading a model using torch.load with weights_only=True. A remote attacker can trick the victim into loading a specially crafted model and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
2) Resource exhaustion (CVE-ID: CVE-2025-29770)
The vulnerability allows a remote user to cause a denial of service.
The vulnerability exists due to uncontrolled resource consumption in outlines grammar cache in vllm/model_executor/guided_decoding/outlines_logits_processors.py when handling decoding requests with unique schemas. A remote user can send a stream of very short decoding requests with unique schemas to cause a denial of service.
The issue applies to the V0 engine only. The outlines backend can also be selected on a per-request basis using the guided_decoding_backend key in the extra_body field.
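The resource-exhaustion pattern above, illustrated as an added example (not vLLM's own code): a grammar cache keyed by the request schema that grows without bound under a stream of unique schemas, beside a bounded LRU variant that caps entry count. compile_guide is a constructed stand-in for building an outlines guide, and the cap of 64 entries is an assumed value.

```python
from collections import OrderedDict
import hashlib
import json


def compile_guide(schema: str) -> dict:
    """Constructed stand-in for compiling an outlines guide from a JSON schema.
    A real guide is a compiled FSM over the tokenizer vocabulary and is far larger."""
    canonical = json.dumps(json.loads(schema), sort_keys=True)
    return {"fsm_id": hashlib.sha256(canonical.encode()).hexdigest()[:16]}


class UnboundedGuideCache:
    """Weak pattern: every previously unseen schema adds an entry that is never evicted."""
    def __init__(self):
        self._entries = {}

    def get(self, schema: str) -> dict:
        if schema not in self._entries:
            self._entries[schema] = compile_guide(schema)
        return self._entries[schema]

    def __len__(self):
        return len(self._entries)


class BoundedGuideCache:
    """LRU cache with a hard entry cap, so unique schemas cannot grow it without limit."""
    def __init__(self, max_entries: int):
        self.max_entries = max_entries
        self._entries = OrderedDict()
        self.evictions = 0

    def get(self, schema: str) -> dict:
        if schema in self._entries:
            self._entries.move_to_end(schema)  # mark as most recently used
            return self._entries[schema]
        guide = compile_guide(schema)
        self._entries[schema] = guide
        if len(self._entries) > self.max_entries:
            self._entries.popitem(last=False)  # evict least recently used
            self.evictions += 1
        return guide

    def __len__(self):
        return len(self._entries)


def simulate_unique_schema_stream(cache, n_requests: int) -> int:
    """Feed n_requests short requests that each carry a distinct schema; return final cache size."""
    for i in range(n_requests):
        schema = json.dumps({"type": "object", "properties": {f"field_{i}": {"type": "string"}}})
        cache.get(schema)
    return len(cache)
```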
3) Deserialization of Untrusted Data (CVE-ID: CVE-2025-29783)
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to deserialization of untrusted data in the Mooncake integration (mooncake_pipe.py) when processing network-supplied data over ZMQ/TCP. A remote user can send a specially crafted serialized payload to execute arbitrary code.
Only deployments configured to use Mooncake for distributed KV transfer are vulnerable.
Remediation
Install the update from the vendor's website.
References
- https://github.com/vllm-project/vllm/security/advisories/GHSA-ggpf-24jw-3fcw
- https://github.com/vllm-project/vllm/security/advisories/GHSA-mgrm-fgjv-mhv8
- https://github.com/vllm-project/vllm/blob/53be4a863486d02bd96a59c674bbec23eec508f6/vllm/model_executor/guided_decoding/outlines_logits_processors.py
- https://github.com/vllm-project/vllm/security/advisories/GHSA-x3m8-f7g5-qhm7
- https://github.com/vllm-project/vllm/blob/9bebc9512f9340e94579b9bd69cfdc452c4d5bb0/vllm/distributed/kv_transfer/kv_pipe/mooncake_pipe.py#L257