CVE-2026-22807
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face auto_map dynamic modules during model resolution without gating on trust_remote_code, allowing attacker-controlled Python code in a model repo/path to execute at server startup. An attacker who can influence the model repo/path (local directory or remote Hugging Face repo) can achieve arbitrary code execution on the vLLM host during model load. This happens before any request handling and does not require API access. Version 0.14.0 fixes the issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| vllm-project | vllm | >= 0.10.1, < 0.14.0 | affected |
Weaknesses
- CWE-94: CWE-94: Improper Control of Generation of Code ('Code Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
vLLM: vLLM: Arbitrary code execution via untrusted model loading
Additional References
- https://access.redhat.com/security/cve/CVE-2026-22807
- https://bugzilla.redhat.com/show_bug.cgi?id=2431865
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22807.json
- https://access.redhat.com/errata/RHSA-2026:3461
- https://access.redhat.com/errata/RHSA-2026:3462
- https://access.redhat.com/errata/RHSA-2026:30089
- https://access.redhat.com/errata/RHSA-2026:30088
- https://access.redhat.com/errata/RHSA-2026:30087
- https://access.redhat.com/errata/RHSA-2026:10184
- https://access.redhat.com/errata/RHSA-2026:3782
- https://access.redhat.com/errata/RHSA-2026:3713
- https://access.redhat.com/errata/RHSA-2026:5119
References
- https://github.com/vllm-project/vllm/security/advisories/GHSA-2pc9-4j83-qjmr
- https://github.com/vllm-project/vllm/pull/32194
- https://github.com/vllm-project/vllm/commit/78d13ea9de4b1ce5e4d8a5af9738fea71fb024e5
- https://github.com/vllm-project/vllm/releases/tag/v0.14.0
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.