Heap Address Leak in vLLM's Multimodal Endpoint Affects Large Language Model Deployments
CVE-2026-22778

9.8CRITICAL

Key Information:

Vendor

Vllm-project

Status
Vllm
Vendor
CVE Published:
2 February 2026

What is CVE-2026-22778?

The vLLM inference engine's multimodal endpoint is susceptible to a vulnerability where an invalid image request causes the library to leak a heap address. This exposure significantly reduces the randomness provided by ASLR, enabling attackers to launch further exploits, potentially leading to remote code execution via a chained method with the JPEG2000 decoder in OpenCV/FFmpeg. Users are encouraged to upgrade to version 0.14.1, which addresses this issue effectively.

Affected Version(s)

vllm >= 0.8.3, < 0.14.1

References

https://github.com/vllm-project/vllm/security/advisories/...
x_refsource_CONFIRM
https://github.com/vllm-project/vllm/pull/31987
x_refsource_MISC
https://github.com/vllm-project/vllm/pull/32319
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.