216.73.217.64

CVE-2026-22773

· Published 10/01/2026 07:16 · Modified 10/01/2026 07:16

Labels: CVE-2026-22773 2026-01-10CVE-2026-22773CWE-770[email protected]

Essential information

Published
10/01/2026 07:16
Modified
10/01/2026 07:16
Author
Creator
CVSS
6.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

vLLM is an inference and serving engine for large language models (LLMs). In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimension mismatch that results in an unhandled runtime error, leading to complete server termination. This issue has been patched in version 0.12.0.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
vllm / vllm cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*

References