Platform: python
Component: vllm
Fixed in: 0.10.2, 0.18.0
CVE-2026-27893 describes a Remote Code Execution (RCE) vulnerability affecting vllm versions up to 0.17.1. This vulnerability arises from the hardcoding of `trust_remote_code=True` within specific model implementation files, effectively bypassing user-configured security opt-outs. Successful exploitation allows attackers to execute arbitrary code via malicious model repositories, even when users have explicitly disabled remote code trust. A fix is available in vllm 0.18.0.
The core of this vulnerability lies in the bypassing of the --trust-remote-code=False security setting. Normally, this flag prevents vllm from executing code from untrusted sources, such as malicious model repositories. However, the hardcoded `trust_remote_code=True` overrides this, allowing an attacker to craft a malicious model repository that, when loaded by vllm, executes arbitrary code on the server. The potential impact is severe, ranging from unauthorized data access and modification to complete system compromise. An attacker could potentially steal sensitive data, install malware, or use the compromised server as a launchpad for further attacks within the network. This vulnerability shares similarities with other remote code execution flaws where trust mechanisms are bypassed, highlighting the importance of carefully reviewing and configuring trust settings in machine learning frameworks.
CVE-2026-27893 was publicly disclosed on 2026-03-27. The vulnerability's severity is rated HIGH (CVSS 8.8). There are currently no known public exploits or active campaigns targeting this vulnerability, but the ease of exploitation (bypassing a security flag) suggests a potential for rapid exploitation if a suitable malicious model repository is created. It is not currently listed on the CISA KEV catalog.
Users deploying vllm for large language model inference, particularly those loading models from external or untrusted sources, are at significant risk. Organizations utilizing vllm in production environments, especially those with automated model deployment pipelines, should prioritize upgrading to the patched version. Shared hosting environments where multiple users may load models are also at increased risk.
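• python / server:

```python
import re
import subprocess

LAST_AFFECTED = (0, 17, 1)  # versions up to 0.17.1 are affected

def check_vllm_version():
    try:
        result = subprocess.check_output(['pip', 'show', 'vllm'], stderr=subprocess.STDOUT)
    except FileNotFoundError:
        print("pip was not found on PATH.")
        return
    except subprocess.CalledProcessError as e:
        # pip show exits non-zero when the package is not installed
        print("vllm is not installed or pip failed: {}".format(e))
        return
    # Read only the "Version:" line and compare numerically, not as strings
    match = re.search(r'^Version: (\d+(?:\.\d+)*)', result.decode('utf-8'), re.MULTILINE)
    if match is None:
        print("Could not parse the vllm version.")
        return
    version = tuple(int(part) for part in match.group(1).split('.'))
    if version <= LAST_AFFECTED:
        print("Vulnerable vllm version detected: {}".format(match.group(1)))
    else:
        print("vllm version is safe: {}".format(match.group(1)))

check_vllm_version()
```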
EPSS: 0.03% (9th percentile)
The primary mitigation for CVE-2026-27893 is to upgrade vllm to version 0.18.0 or later, which includes the fix for this vulnerability. If upgrading immediately is not feasible, consider temporarily restricting access to the vllm service to trusted users only. While not a complete solution, this can limit the potential attack surface. Additionally, carefully review any model repositories used by vllm and ensure they are from trusted sources. There are no specific WAF or proxy rules that can directly address this vulnerability, as it's a code execution issue within the application itself. Detection signatures are challenging to create without specific malicious model patterns, but monitoring for unusual process execution related to vllm could be beneficial.
Upgrade vLLM to version 0.18.0 or later. This fixes the vulnerability that allows remote code execution when loading models with `trust_remote_code=True` even when the user has explicitly disabled trust in remote code.
CVE-2026-27893 is a Remote Code Execution vulnerability in vllm versions up to 0.17.1. It allows attackers to execute code via malicious model repositories due to hardcoded trust settings.
If you are using vllm version 0.17.1 or earlier, you are affected by this vulnerability. Check your version using `pip show vllm`.
Upgrade to vllm version 0.18.0 or later. This resolves the hardcoded trust setting and mitigates the vulnerability.
While no public exploits are currently known, the vulnerability's ease of exploitation suggests a potential for active exploitation. Monitor your systems closely.
Refer to the vllm project's official security advisories and release notes on their GitHub repository: [https://github.com/vllm-project/vllm](https://github.com/vllm-project/vllm)