CVE-2026-22807

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.8 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H                                    

Vulnerability Description

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face `auto_map` dynamic modules during model resolution without gating on `trust_remote_code`, allowing attacker-controlled Python code in a model repo/path to execute at server startup. An attacker who can influence the model repo/path (local directory or remote Hugging Face repo) can achieve arbitrary code execution on the vLLM host during model load. This happens before any request handling and does not require API access. Version 0.14.0 fixes the issue.

Vulnerability Details

Published Date

January 21, 2026

Last Modified

January 26, 2026

CWE ID

CWE-94

Source

GitHub

Vendor

pip

Product

vllm

External References

https://github.com/vllm-project/vllm/security/advisories/GHSA-2pc9-4j83-qjmr
https://github.com/vllm-project/vllm/pull/32194
https://github.com/vllm-project/vllm/commit/78d13ea9de4b1ce5e4d8a5af9738fea71fb024e5
https://github.com/vllm-project/vllm/releases/tag/v0.14.0
https://nvd.nist.gov/vuln/detail/CVE-2026-22807
https://github.com/advisories/GHSA-2pc9-4j83-qjmr

CVE-2026-22807

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment