CVE-2026-56340 | vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tens… | CVSS 8.8 HIGH

Description

vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed (negative or out-of-bounds) tensor indices, when the prompt-embeds feature is enabled, to trigger crashes or resource exhaustion (denial of service), with potential for out-of-bounds/write-what-where memory corruption. This continues CVE-2025-62164, whose prior fix only disabled the feature by default rather than addressing the root cause.

Metadata

CVE ID: CVE-2026-56340
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-20 13:13 UTC
Published: 2026-06-20 18:27 UTC
Last updated: 2026-06-20 18:27 UTC
Primary CWE: CWE-20
Improper Input Validation
Vendor / Product: vLLM / vLLM
Sources: cve.org · NVD

Severity & Metrics

8.8 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products (1)

Vendor	Product	Platform	Versions
vLLM	vLLM	—	0.10.2 < 0.13.0, 0.13.0

Weakness (CWE)

CWE	Source	Description
CWE-20	cna	Improper Input Validation

CVSS scores (2)

Score	Severity	Version	Source	Vector
8.8	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.7	HIGH	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References (2)

GHSA Advisory GHSA-mcmc-2m55-j8jj https://github.com/vllm-project/vllm/security/advisories/GHSA-mcmc-2m55-j8jj
VulnCheck Advisory: vLLM - Denial of Service via Unvalidated Multimodal Embeddings https://www.vulncheck.com/advisories/vllm-denial-of-service-via-unvalidated-multimodal-embeddings