Library Vulnerability in vLLM Affecting Server Stability
CVE-2026-55514

7.1HIGH

Key Information:

Status
Vendor
CVE Published:
6 July 2026

What is CVE-2026-55514?

The vLLM library, used for large language model (LLM) inference and serving, contains a flaw that allows a remote user to craft a specially designed /v1/completions request, which can lead to a fatal assertion failure within the EngineCore. This vulnerability arises specifically in versions from 0.12.0 to 0.23.9, causing the server application to crash and stop functioning. The issue has been addressed in version 0.24.0, ensuring that users can securely utilize the library without encountering unexpected downtime.

Affected Version(s)

vllm >= 0.12.0, < 0.24.0

References

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.