Platform: python
Component: vllm
Fixed in: 0.6.5, 0.12.0
CVE-2026-22773 describes a denial-of-service vulnerability within vLLM, an inference and serving engine for large language models. An attacker can trigger a server crash by sending a specially crafted 1x1 pixel image while the server is serving multimodal models utilizing the Idefics3 vision model implementation. This vulnerability impacts versions of vLLM up to and including 0.9.2, and a fix is available in version 0.12.0.
The primary impact of CVE-2026-22773 is a denial-of-service (DoS). A successful exploit results in the complete termination of the vLLM server, rendering it unavailable to legitimate users. This can disrupt LLM inference and serving operations, potentially impacting applications relying on these services. The simplicity of the attack vector (sending a single, small image) makes it relatively easy to exploit, increasing the potential for widespread disruption. The vulnerability's reliance on the Idefics3 vision model means that services specifically configured to use this model are at higher risk.
This vulnerability was publicly disclosed on January 13, 2026. There is no indication of active exploitation campaigns at this time. No public proof-of-concept (PoC) code has been released. The vulnerability is not currently listed on the CISA KEV catalog. Given the relatively simple attack vector and the potential for disruption, it is prudent to apply the patch promptly.
Exploit Status
EPSS: 0.02% (5th percentile)
The recommended mitigation for CVE-2026-22773 is to upgrade to vLLM version 0.12.0 or later, which contains the fix for this vulnerability. If upgrading immediately is not feasible, consider implementing input validation to reject images with extremely small dimensions (e.g., 1x1 pixels) before they are processed by the Idefics3 vision model. While not a complete solution, this can provide a temporary layer of protection. Monitor server logs for unexpected crashes or errors related to tensor dimension mismatches, which could indicate an attempted exploit. After upgrading, confirm the fix by attempting to serve a multimodal model with a 1x1 pixel image and verifying that the server does not crash.
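The temporary input-validation workaround described above, as an added example that is not vLLM's code or part of this advisory: a pre-filter for an OpenAI-compatible chat-completions body that reads width and height straight from the PNG or JPEG header of each inline data-URL image and refuses anything below a minimum dimension before the request reaches the server. The request shape, the MIN_DIM threshold and the model name are assumptions; the sample images are constructed headers.

```python
import base64
import struct

MIN_DIM = 2  # 1x1 images are refused; raise to the smallest size the model needs

def image_dimensions(data: bytes):
    """(width, height) from a PNG IHDR or JPEG SOFn header, or None if unknown."""
    if data[:8] == b"\x89PNG\r\n\x1a\n" and data[12:16] == b"IHDR":
        return struct.unpack(">II", data[16:24])
    if data[:2] == b"\xff\xd8":  # JPEG: walk marker segments until a frame header
        pos = 2
        while pos + 9 <= len(data) and data[pos] == 0xFF:
            marker, seg_len = data[pos + 1], struct.unpack(">H", data[pos + 2:pos + 4])[0]
            if 0xC0 <= marker <= 0xCF and marker not in (0xC4, 0xC8, 0xCC):
                height, width = struct.unpack(">HH", data[pos + 5:pos + 9])
                return width, height
            pos += 2 + seg_len
    return None

def reject_tiny_images(request: dict, min_dim: int = MIN_DIM) -> list:
    """Reasons to refuse an OpenAI-style chat request; an empty list means accept."""
    problems = []
    for msg in request.get("messages", []):
        for part in msg.get("content") if isinstance(msg.get("content"), list) else []:
            if part.get("type") != "image_url":
                continue
            url = part.get("image_url", {}).get("url", "")
            if not url.startswith("data:image/"):
                problems.append("remote image URL: fetch and check before forwarding")
                continue
            try:
                raw = base64.b64decode(url.split(",", 1)[1], validate=True)
            except (IndexError, ValueError):
                problems.append("malformed data URL")
                continue
            dims = image_dimensions(raw)
            if dims is None:
                problems.append("unrecognised image format")
            elif min(dims) < min_dim:
                problems.append(f"image too small: {dims[0]}x{dims[1]}")
    return problems

def png_header(width: int, height: int) -> bytes:  # constructed input: signature + IHDR only
    return b"\x89PNG\r\n\x1a\n" + struct.pack(">I", 13) + b"IHDR" + struct.pack(">II", width, height)

def chat_request(image: bytes, mime: str = "image/png") -> dict:  # constructed body, placeholder model
    url = f"data:{mime};base64," + base64.b64encode(image).decode()
    parts = [{"type": "text", "text": "Describe this image."}, {"type": "image_url", "image_url": {"url": url}}]
    return {"model": "idefics3-model-placeholder", "messages": [{"role": "user", "content": parts}]}
```

Run the filter in the proxy or gateway in front of vLLM and return HTTP 400 when the returned list is non-empty; a remote image URL must be fetched and checked the same way before it is forwarded.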
Update the vLLM library to version 0.12.0 or higher. This will resolve the denial-of-service vulnerability caused by sending images with ambiguous dimensions to Idefics3 models. The update can be performed using the Python package manager, pip.
CVE-2026-22773 is a denial-of-service vulnerability in vLLM versions up to 0.9.2. A crafted 1x1 pixel image can crash the server when serving multimodal models using the Idefics3 vision model.
You are affected if you are using vLLM version 0.9.2 or earlier and are serving multimodal models with the Idefics3 vision model.
Upgrade to vLLM version 0.12.0 or later to resolve this vulnerability. As a temporary workaround, implement input validation to reject very small images.
There is currently no evidence of active exploitation of CVE-2026-22773.
Refer to the vLLM project's official release notes and security advisories for details: [https://github.com/vllm-project/vllm/releases](https://github.com/vllm-project/vllm/releases)