Plattform
python
Komponente
vllm
Behoben in
0.8.4
0.14.1
CVE-2026-22778 represents a severe Remote Code Execution (RCE) vulnerability discovered in vLLM, a fast LLM inference and serving engine. This vulnerability allows attackers to execute arbitrary commands on the server by exploiting a combination of an information leak and a heap overflow within the JPEG2000 decoder. The vulnerability affects versions of vLLM up to 0.9.2, and a patch is available in version 0.14.1.
The impact of CVE-2026-22778 is severe. An attacker can exploit this vulnerability by sending a malicious video URL to vLLM's Completions or Invocations endpoint for a video model. The initial information leak exposes memory addresses, bypassing Address Space Layout Randomization (ASLR). Subsequently, a heap overflow in the JPEG2000 decoder, likely within OpenCV or FFmpeg, allows the attacker to hijack code execution. This enables the attacker to execute arbitrary commands on the server hosting the vLLM instance. Given the potential for complete system compromise, the blast radius is significant, particularly for deployments without authentication or with weak authentication configurations.
CVE-2026-22778 was publicly disclosed on 2026-02-02. The vulnerability chain, involving an info leak followed by a heap overflow, shares similarities with exploitation patterns seen in other memory corruption vulnerabilities. There is currently no indication of this vulnerability being actively exploited in the wild, but the ease of exploitation and the critical severity warrant immediate attention. The vulnerability is not currently listed on CISA KEV, and an EPSS score is pending evaluation.
Exploit-Status
EPSS
0.08% (24% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2026-22778 is to upgrade vLLM to version 0.14.1 or later, which includes the necessary fixes. If upgrading immediately is not feasible, consider implementing temporary workarounds. Restricting access to the vLLM Completions and Invocations endpoints, particularly for video models, can reduce the attack surface. Input validation and sanitization of video URLs should be implemented to prevent malicious payloads from being processed. Monitoring system logs for unusual activity, such as unexpected process executions or memory corruption errors, is also recommended. After upgrading, confirm the fix by attempting to trigger the vulnerability with a known malicious video URL and verifying that the server does not execute arbitrary commands.
Aktualisieren Sie die vLLM-Bibliothek auf Version 0.14.1 oder höher. Dies behebt die Heap-Adress-Leak-Schwachstelle. Sie können mit `pip install vllm==0.14.1` oder einem ähnlichen Befehl entsprechend Ihrer Umgebung aktualisieren.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
ASLR (Address Space Layout Randomization) is a security technique that randomizes the memory locations of processes, making it harder for attackers to predict where data and code are located, thus hindering exploitation.
If an immediate update isn’t possible, implement mitigations such as enabling authentication and monitoring system logs for suspicious activity. Consider patching OpenCV/FFmpeg if feasible.
Videos using the JPEG2000 format are most vulnerable due to the heap overflow in the decoder.
If you are using a version prior to 0.14.1 and haven’t applied any mitigations, you are likely vulnerable. Verify the vLLM version you are using.
Currently, there are no specific tools to detect this vulnerability. Monitoring logs and verifying the vLLM version are the best options.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Lade deine requirements.txt-Datei hoch und wir sagen dir sofort, ob du betroffen bist.