โ† Back to Dashboard

CVE-2026-41523

HIGH NVD
CVSS Score
7.5
Severity
HIGH
Source
NVD
Published
Jun 22, 2026
Description

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLLM runs in Python optimized mode (python -O or PYTHONOPTIMIZE=1). This vulnerability is fixed in 0.22.0.

View Full Details โ† Back