Audio Processing Discrepancy in vLLM from Librosa Affects AI Model Outputs
CVE-2026-34760

5.9MEDIUM

Key Information:

Vendor

Vllm-project

Status
Vllm
Vendor
CVE Published:
2 April 2026

What is CVE-2026-34760?

The vLLM inference engine, which utilizes Librosa for audio processing, has a critical inconsistency in handling audio downmixing due to default settings in Librosa versions 0.5.5 to before 0.18.0. This results in audio processed by AI models differing from what is actually heard by users, due to the use of numpy.mean for mono downmixing, as opposed to the ITU-R BS.775-4 standard's weighted algorithm. This discrepancy affects the performance and reliability of AI-driven audio applications. The issue has been addressed in vLLM version 0.18.0.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

vllm >= 0.5.5, < 0.18.0

References

https://github.com/vllm-project/vllm/security/advisories/...
x_refsource_CONFIRM
https://github.com/vllm-project/vllm/pull/37058
x_refsource_MISC
https://github.com/vllm-project/vllm/commit/c7f98b4d0a63b...
x_refsource_MISC

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.