Platform: python
Component: vllm
Fixed in: 0.14.2, 0.14.1
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the vLLM project's multimodal feature set, specifically within the MediaConnector class. This flaw allows attackers to bypass host name restrictions and potentially access internal network resources. The vulnerability impacts versions of vLLM up to 0.9.2, and a fix is available in version 0.14.1.
The SSRF vulnerability in vLLM allows an attacker to make the server issue requests to locations it was never meant to reach. The `load_from_url` and `load_from_url_async` methods rely on Python parsing libraries that interpret backslashes differently, and that disagreement lets an attacker bypass the intended host restriction. This enables access to internal services and data that should be unreachable from the outside. The potential impact includes exfiltration of sensitive data, unauthorized access to internal systems, and potentially even remote code execution if internal services are themselves vulnerable.
This vulnerability was publicly disclosed on January 28, 2026. There is currently no indication of active exploitation in the wild. The vulnerability is not listed on the CISA KEV catalog as of this writing. Public proof-of-concept code may become available, increasing the risk of exploitation.
Organizations deploying vLLM for multimodal applications, particularly those with internal services accessible over the network, are at risk. Environments utilizing older versions of vLLM (≤0.9.2) without proper network segmentation or WAF protection are especially vulnerable.
python / server:

```python
import requests


def check_ssrf(url):
    """Probe a URL and report the HTTP status, or the error if it is unreachable."""
    try:
        response = requests.get(url, timeout=5)
        print(f"URL {url} responded with status code: {response.status_code}")
    except requests.exceptions.RequestException as e:
        print(f"Error accessing {url}: {e}")


# Example usage - check for internal resource access
check_ssrf("http://localhost:8080/admin")
```
Exploit status
EPSS: 0.02% (4th percentile)
The primary mitigation for CVE-2026-24779 is to upgrade to vLLM version 0.14.1 or later, which contains the fix. If an immediate upgrade is not feasible, consider implementing network segmentation to restrict the vLLM server's access to internal resources. Additionally, implement a Web Application Firewall (WAF) with SSRF protection rules to filter outbound requests and block malicious URLs. Carefully review and validate all user-provided URLs before processing them within the MediaConnector class.
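As an added, defender-side example (not code from the vLLM project or from this advisory), the validator below shows one way to implement the URL review that the mitigation above calls for, and why the backslash ambiguity described earlier matters: WHATWG-style parsers treat `\` as `/` in http(s) URLs while `urllib.parse` does not, so the same string can name one host to a validator and another to the HTTP client. The check refuses such strings outright, allowlists the host, resolves it to reject names that point at internal addresses, and hands back a URL re-serialized from the validated parts. The allowlist (`media.example.com`, `cdn.example.net`), the injectable `resolver` hook, the `UnsafeURL` exception and the sample addresses are all constructed for this example.

```python
"""Validate a user-supplied media URL before the server fetches it.

Added example; not vLLM code. The allowlist, resolver hook and sample
addresses are constructed for illustration.
"""
import ipaddress
import socket
from typing import Callable, Iterable, List, Optional
from urllib.parse import urlsplit, urlunsplit

# Hypothetical allowlist of media hosts (constructed for this example).
DEFAULT_ALLOWED_HOSTS = frozenset({"media.example.com", "cdn.example.net"})

# Characters that URL parsers disagree on. WHATWG-style parsers (browsers and
# some HTTP clients) treat "\" as "/" in http(s) URLs; urllib.parse does not,
# so a single string can name one host to the validator and another to the
# client that performs the fetch. Refusing such strings is safer than parsing.
AMBIGUOUS_CHARS = frozenset("\\\t\r\n \x00")

Resolver = Callable[[str], Iterable[str]]


class UnsafeURL(ValueError):
    """Raised when the server must not fetch the given URL."""


def default_resolver(host: str) -> List[str]:
    """Return every IPv4/IPv6 address a host name resolves to."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(address: str) -> bool:
    """True only for globally routable addresses: loopback, RFC 1918,
    link-local (169.254.0.0/16), multicast and reserved ranges all fail."""
    return ipaddress.ip_address(address).is_global


def validate_media_url(url: str,
                       allowed_hosts: Optional[frozenset] = DEFAULT_ALLOWED_HOSTS,
                       resolver: Resolver = default_resolver) -> str:
    """Return a normalized URL that passed every check, or raise UnsafeURL.

    The result is re-serialized from the validated components so the HTTP
    client fetches exactly what was checked, not the original string.
    """
    if any(ch in AMBIGUOUS_CHARS for ch in url):
        raise UnsafeURL("URL contains characters that parsers interpret differently")
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError as exc:
        raise UnsafeURL("malformed URL or port") from exc
    if parts.scheme not in ("http", "https"):
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    if "@" in parts.netloc:
        raise UnsafeURL("userinfo (user@host) is not allowed")
    host = parts.hostname
    if not host:
        raise UnsafeURL("URL has no host")
    if allowed_hosts is not None and host not in allowed_hosts:
        raise UnsafeURL(f"host not in allowlist: {host!r}")
    # A literal IP is checked directly; a name is resolved so that a name
    # pointing at an internal address is rejected as well.
    try:
        addresses = [str(ipaddress.ip_address(host))]
    except ValueError:
        addresses = list(resolver(host))
    if not addresses:
        raise UnsafeURL(f"host does not resolve: {host!r}")
    for address in addresses:
        if not is_public_address(address):
            raise UnsafeURL(f"{host!r} resolves to non-public address {address}")
    bracketed = f"[{host}]" if ":" in host else host  # re-bracket IPv6 literals
    netloc = bracketed if port is None else f"{bracketed}:{port}"
    return urlunsplit((parts.scheme, netloc, parts.path or "/", parts.query, ""))


def is_safe_media_url(url: str, **kwargs) -> bool:
    """Boolean convenience wrapper around validate_media_url."""
    try:
        validate_media_url(url, **kwargs)
    except UnsafeURL:
        return False
    return True


if __name__ == "__main__":
    # Constructed resolver so the demo runs offline; 8.8.8.8 stands in for
    # "some globally routable address".
    fake_dns = lambda host: ["8.8.8.8"]
    print(validate_media_url("https://media.example.com/img.png", resolver=fake_dns))
    for bad in ("https://media.example.com\\img.png",
                "https://user@media.example.com/img.png",
                "http://127.0.0.1:8080/admin"):
        verdict = is_safe_media_url(bad, allowed_hosts=None, resolver=fake_dns)
        print(bad, "->", "safe" if verdict else "rejected")
```

Two caveats apply to any check of this shape. The resolution step is a point-in-time check, and the HTTP client performs its own lookup when it connects, so a name whose record changes between validation and fetch is not covered; connecting to the validated address directly (with the host name carried in the `Host` header or SNI) closes that gap. Redirects are a second path around the check, since `requests.get` follows them by default, so either disable redirects or run every hop through the same validator.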
Update the vLLM library to version 0.14.1 or later. This fixes the SSRF vulnerability in the `MediaConnector` class. You can update with `pip install vllm==0.14.1` or a newer version.
CVE-2026-24779 is a Server-Side Request Forgery vulnerability in vLLM versions up to 0.9.2, allowing attackers to bypass host restrictions and access internal resources.
You are affected if you are using vLLM versions 0.9.2 or earlier and have not applied the available fix.
Upgrade to vLLM version 0.14.1 or later to remediate the vulnerability. Consider network segmentation and WAF rules as interim measures.
As of now, there is no confirmed evidence of active exploitation in the wild, but public proof-of-concept code could change this.
Refer to the vLLM project's official security advisories and release notes for detailed information and updates regarding CVE-2026-24779.