CVE-2026-41523

Summary

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLLM runs in Python optimized mode (python -O or PYTHONOPTIMIZE=1). This vulnerability is fixed in 0.22.0.

Affected Software

VendorProductVersion RangeStatus
vllm-projectvllm< 0.22.0affected

Weaknesses

  • CWE-94: CWE-94: Improper Control of Generation of Code ('Code Injection')
  • CWE-617: CWE-617: Reachable Assertion

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

vllm: vLLM: Arbitrary code execution via malicious HuggingFace model

Additional References

References