Platform: python
Component: vllm
Fixed in: 0.6.5, 0.12.0
CVE-2026-22773 describes a denial-of-service vulnerability within vLLM, an inference and serving engine for large language models. An attacker can trigger a server crash by sending a specially crafted 1x1 pixel image while the server is serving multimodal models utilizing the Idefics3 vision model implementation. This vulnerability impacts versions of vLLM up to and including 0.9.2, and a fix is available in version 0.12.0.
The primary impact of CVE-2026-22773 is a complete denial of service. A malicious actor can easily trigger the vulnerability by sending a small, specially crafted image. This results in an unhandled runtime error due to a tensor dimension mismatch, causing the vLLM server to crash. The blast radius is limited to the affected vLLM server instance; however, this can disrupt critical applications relying on the LLM inference service. While no direct data exfiltration is possible through this vulnerability, the disruption of service can indirectly impact data availability and processing pipelines. The simplicity of triggering the vulnerability makes it a high-impact concern, particularly in environments with exposed LLM inference endpoints.
CVE-2026-22773 was published on January 13, 2026. Currently, there are no known public exploits or active campaigns targeting this vulnerability. The vulnerability's simplicity suggests a potential for easy exploitation, but its relatively recent disclosure means it hasn't yet been widely targeted. The EPSS score is pending evaluation. Monitor security advisories and threat intelligence feeds for any signs of exploitation.
Organizations and developers deploying vLLM for LLM inference and serving, particularly those utilizing multimodal models with the Idefics3 vision model, are at risk. Services that rely on vLLM for real-time inference or critical applications are especially vulnerable to the disruption caused by a denial-of-service attack.
• python / server: Monitor vLLM server logs for errors related to tensor dimension mismatches or runtime exceptions during image processing.
# Example: Check for specific error messages in the logs
import re

with open('vllm.log', 'r') as f:
    for line in f:
        # The crash surfaces as an unhandled runtime error about a tensor dimension mismatch
        if re.search(r'tensor dimension mismatch', line):
            print('Potential CVE-2026-22773 exploit attempt detected!')
Disclosure
Exploit status
EPSS: 0.02% (5th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-22773 is to upgrade vLLM to version 0.12.0 or later, which contains the fix. If immediate upgrading is not feasible, consider implementing input validation on the image processing pipeline to reject images with dimensions that trigger the vulnerability. Specifically, block images with a size of 1x1 pixels. Additionally, consider rate limiting requests to the inference endpoint to mitigate potential DoS attacks. After upgrading, confirm the fix by attempting to send the triggering 1x1 pixel image and verifying that the server does not crash.
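As an added example (not code from this page or from the vLLM project), a gateway-side check implementing the interim input-validation mitigation above: it decodes an inline data: URL image as carried in an OpenAI-style chat request, reads the dimensions from the PNG or GIF header without third-party libraries, and rejects anything smaller than an assumed minimum edge of 2 pixels. MIN_EDGE, check_image_url, image_dimensions and make_png_header are names introduced here, and the sample image bytes are constructed.

```python
import base64
import struct

MIN_EDGE = 2  # assumed policy: anything smaller than 2x2 (so 1x1) is rejected


def image_dimensions(data: bytes):
    """Return (width, height) from a PNG or GIF header, or None if unrecognised."""
    if len(data) >= 24 and data[:8] == b"\x89PNG\r\n\x1a\n" and data[12:16] == b"IHDR":
        return struct.unpack(">II", data[16:24])          # PNG IHDR: big-endian width, height
    if len(data) >= 10 and data[:6] in (b"GIF87a", b"GIF89a"):
        return struct.unpack("<HH", data[6:10])           # GIF logical screen: little-endian
    return None


def check_image_url(url: str, min_edge: int = MIN_EDGE) -> tuple:
    """Validate an image_url value before forwarding to vLLM. Returns (ok, reason)."""
    if not url.startswith("data:"):
        return False, "only inline data: URLs are accepted by this gate"
    header, _, payload = url.partition(",")
    if ";base64" not in header:
        return False, "unsupported data URL encoding"
    try:
        raw = base64.b64decode(payload, validate=True)
    except ValueError:                                    # binascii.Error is a ValueError
        return False, "invalid base64 payload"
    dims = image_dimensions(raw)
    if dims is None:
        return False, "undecodable or unsupported image format"
    width, height = dims
    if width < min_edge or height < min_edge:
        return False, f"image too small ({width}x{height}); minimum is {min_edge}x{min_edge}"
    return True, f"ok ({width}x{height})"


def make_png_header(width: int, height: int) -> bytes:
    """Constructed sample: PNG signature plus an IHDR chunk (enough for header checks)."""
    ihdr = struct.pack(">II", width, height) + b"\x08\x02\x00\x00\x00"
    return b"\x89PNG\r\n\x1a\n" + struct.pack(">I", 13) + b"IHDR" + ihdr + b"\x00\x00\x00\x00"


def to_data_url(data: bytes) -> str:
    """Wrap raw image bytes the way an OpenAI-style request carries them."""
    return "data:image/png;base64," + base64.b64encode(data).decode()


if __name__ == "__main__":
    for w, h in ((1, 1), (224, 224)):
        print(w, h, check_image_url(to_data_url(make_png_header(w, h))))
```

Run this in front of the inference endpoint, not inside vLLM; it only stops the trivially small inputs named above and does not replace the upgrade.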
Upgrade the vLLM library to version 0.12.0 or later. This fixes the denial-of-service vulnerability caused by sending images with ambiguous dimensions to Idefics3 models. The upgrade can be performed with the Python package manager, pip.
CVE-2026-22773 is a denial-of-service vulnerability in vLLM versions up to 0.9.2. A crafted 1x1 pixel image can crash the server when serving multimodal models using the Idefics3 vision model.
You are affected if you are using vLLM version 0.9.2 or earlier and are serving multimodal models with the Idefics3 vision model.
Upgrade to vLLM version 0.12.0 or later to resolve this vulnerability. As a temporary workaround, implement input validation to reject very small images.
There is currently no evidence of active exploitation of CVE-2026-22773.
Refer to the vLLM project's official release notes and security advisories for details: [https://github.com/vllm-project/vllm/releases](https://github.com/vllm-project/vllm/releases)