Platform: python
Component: vllm
Fixed in: 0.14.2, 0.14.1
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the vLLM project's multimodal feature set, specifically within the MediaConnector class. This flaw allows attackers to bypass host name restrictions and potentially access internal network resources. The vulnerability impacts versions of vLLM up to 0.9.2, and a fix is available in version 0.14.1.
The SSRF vulnerability in vLLM allows an attacker to manipulate the server into making requests to unintended locations. By exploiting the differing interpretations of backslashes in the Python parsing libraries used by the `load_from_url` and `load_from_url_async` methods, an attacker can bypass the intended host restriction. This enables access to internal services and data that should be inaccessible from the outside. The potential impact includes exfiltration of sensitive data, unauthorized access to internal systems, and potentially even remote code execution if internal services are vulnerable.
This vulnerability was publicly disclosed on January 28, 2026. There is currently no indication of active exploitation in the wild. The vulnerability is not listed on the CISA KEV catalog as of this writing. Public proof-of-concept code may become available, increasing the risk of exploitation.
Exploit Status
EPSS: 0.02% (4th percentile)
CISA SSVC
The primary mitigation for CVE-2026-24779 is to upgrade to vLLM version 0.14.1 or later, which contains the fix. If an immediate upgrade is not feasible, consider implementing network segmentation to restrict the vLLM server's access to internal resources. Additionally, implement a Web Application Firewall (WAF) with SSRF protection rules to filter outbound requests and block malicious URLs. Carefully review and validate all user-provided URLs before processing them within the MediaConnector class.
Update the vLLM library to version 0.14.1 or higher. This fixes the SSRF vulnerability in the `MediaConnector` class. You can update using `pip install vllm==0.14.1` or a more recent version.
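The description above attributes the bypass to two parsers reading the same URL string differently, and the mitigation section asks for user-supplied URLs to be validated before they reach the `MediaConnector`. The following is an added example, not vLLM's own code, of what that validation can look like: a naive check that trusts a single parser's view of the hostname, beside a strict check that refuses any URL whose shape different parsers could disagree on (backslashes, userinfo, whitespace, non-ASCII), canonicalises the host, rejects literal IP addresses, and requires an exact allow-list match. The allow-list `ALLOWED_HOSTS` and the sample URLs are constructed for the example.

```python
"""Strict allow-list validation for user-supplied media URLs.

Added example (not vLLM's code). Shows the defensive pattern the advisory
recommends: make sure the host that is validated is unambiguously the host
that will be fetched, instead of trusting one parser's interpretation.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed allow-list for the example; a real deployment's list is an assumption.
ALLOWED_HOSTS = {"media.example.com"}

# Hostname grammar: lowercase letters, digits, hyphens and dots only (RFC 1123 style).
_HOST_RE = re.compile(
    r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
    r"(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*$"
)


def weak_is_allowed(url: str) -> bool:
    """Naive check: trust whatever urlsplit() reports as the hostname.

    This validates only one parser's view of the string. If the HTTP client
    used for the fetch parses the same string differently, the check and the
    fetch can disagree about which host is contacted.
    """
    try:
        return urlsplit(url).hostname in ALLOWED_HOSTS
    except ValueError:
        return False


def strict_is_allowed(url: str) -> bool:
    """Defensive check: accept only a narrow, unambiguous URL shape."""
    # 1. Refuse characters that URL parsers are known to treat differently
    #    (backslash, userinfo separator, whitespace) and anything non-ASCII.
    if any(ch in url for ch in "\\@ \t\r\n") or not url.isascii():
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 brackets
        return False
    # 2. Plain http/https only, and no userinfo component at all.
    if parts.scheme not in ("http", "https"):
        return False
    if parts.username is not None or parts.password is not None:
        return False
    host = parts.hostname
    if host is None:
        return False
    # 3. Canonicalise the way a resolver would: lowercase, no trailing dot.
    host = host.lower().rstrip(".")
    if not _HOST_RE.match(host):
        return False
    # 4. Literal IP addresses never satisfy a name-based allow-list
    #    (this also covers loopback and link-local ranges).
    try:
        ipaddress.ip_address(host)
        return False
    except ValueError:
        pass
    # 5. Exact match only; no suffix or substring matching.
    return host in ALLOWED_HOSTS


if __name__ == "__main__":
    # Constructed sample inputs for a quick manual run.
    for sample in (
        "http://media.example.com/img.png",
        "https://MEDIA.example.com./img.png",
        "http://media.example.com\\internal.test/img.png",
        "http://user:pw@media.example.com/img.png",
        "http://127.0.0.1/img.png",
        "http://media.example.com.evil.test/img.png",
    ):
        print(f"{sample!r}: weak={weak_is_allowed(sample)} strict={strict_is_allowed(sample)}")
```

The strict variant is deliberately over-restrictive: a legitimate media URL has no need for userinfo, backslashes or literal IP hosts, so refusing them costs nothing while removing the parser-disagreement surface the advisory describes. Resolving the canonical host and pinning the connection to the resolved address is a further step this snippet does not cover.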
CVE-2026-24779 is a Server-Side Request Forgery vulnerability in vLLM versions up to 0.9.2, allowing attackers to bypass host restrictions and access internal resources.
You are affected if you are using vLLM versions 0.9.2 or earlier and have not applied the available fix.
Upgrade to vLLM version 0.14.1 or later to remediate the vulnerability. Consider network segmentation and WAF rules as interim measures.
As of now, there is no confirmed evidence of active exploitation in the wild, but public proof-of-concept code could change this.
Refer to the vLLM project's official security advisories and release notes for detailed information and updates regarding CVE-2026-24779.
CVSS Vector