Library Vulnerability in vLLM Affecting Server Stability
CVE-2026-55514
7.1HIGH
What is CVE-2026-55514?
The vLLM library, used for large language model (LLM) inference and serving, contains a flaw that allows a remote user to craft a specially designed /v1/completions request, which can lead to a fatal assertion failure within the EngineCore. This vulnerability arises specifically in versions from 0.12.0 to 0.23.9, causing the server application to crash and stop functioning. The issue has been addressed in version 0.24.0, ensuring that users can securely utilize the library without encountering unexpected downtime.
Affected Version(s)
vllm >= 0.12.0, < 0.24.0
