Token Injection Vulnerability in vLLM's Multimodal Processing Engine
CVE-2026-44222

6.5MEDIUM

Key Information:

Vendor: Vllm-project
Status: Vllm
Vendor: CVE Published:; 12 May 2026

🔔 Create Vllm-project Vulnerability Alert

What is CVE-2026-44222?

A Token Injection vulnerability has been identified in vLLM's multimodal processing architecture. This flaw affects versions from 0.6.1 up to, but not including, 0.20.0. It occurs when unauthenticated, text-only prompts containing special tokens are incorrectly interpreted as control instructions. Furthermore, when placeholder sequences for images or videos are supplied without corresponding data, vLLM attempts to access non-existent elements, leading to an unhandled IndexError. This can result in worker termination or degraded availability, particularly impacting multimodal pathways relying on indexed grids. The issue has been patched in version 0.20.0.

Affected Version(s)

vllm >= 0.6.1, < 0.20.0

References

https://github.com/vllm-project/vllm/security/advisories/...

x_refsource_CONFIRM

https://github.com/vllm-project/vllm/issues/32656

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
May 5, 2026

CVE-2026-44222 Data

JSON