Back to overview

CVE-2026-54234

HIGH Exploitation: PoC
7.5
CVSS 3.1
Description
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, a frontend-legal multi-request speculative decoding workload can cause the rejection sampler to produce a recovered token equal to the model vocabulary size boundary value, which is then converted to negative one when the engine selects the next live token for a request and is written back into the drafter's input ids; that out-of-vocabulary value is later consumed by the model's embedding and attention path and crashes the engine worker with a GPU device-side assertion. The same triggering request sequence is reachable through the public gRPC Generate and Abort endpoints, so a remote client that can send generation requests can crash the shared engine worker, aborting concurrent requests and causing a service-wide denial of service for other clients of the deployment until the worker is restarted. This issue is fixed in version 0.24.0.

Metadata

CVE ID
CVE-2026-54234
State
PUBLISHED
Assigner
GitHub_M
Reserved
2026-06-12 16:25 UTC
Published
2026-07-06 19:49 UTC
Last updated
2026-07-07 14:13 UTC
Primary CWE
CWE-20
CWE-20: Improper Input Validation
Vendor / Product
vllm-project / vllm
Sources
cve.org  ·  NVD

Severity & Metrics

7.5 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SSVC — CISA Coordinator
Exploitation
PoC
Automatable
yes
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
vllm-project vllm < 0.24.0
Weakness (CWE)
CWESourceDescription
CWE-1284 cna CWE-1284: Improper Validation of Specified Quantity in Input
CWE-20 cna CWE-20: Improper Input Validation
CVSS scores (1)
ScoreSeverityVersionSourceVector
7.5 HIGH 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References (3)
Back to overview