CVE-2026-56340
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed (negative or out-of-bounds) tensor indices, when the prompt-embeds feature is enabled, to trigger crashes or resource exhaustion (denial of service), with potential for out-of-bounds/write-what-where memory corruption. This continues CVE-2025-62164, whose prior fix only disabled the feature by default rather than addressing the root cause.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| vLLM | vLLM | 0.10.2 < 0.13.0 | affected |
| vLLM | vLLM | 0.13.0 | unaffected |
Weaknesses
- CWE-20: Improper Input Validation
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
vllm: vLLM: Denial of service and potential arbitrary code execution via malformed multimodal embedding requests
Additional References
- https://access.redhat.com/security/cve/CVE-2026-56340
- https://bugzilla.redhat.com/show_bug.cgi?id=2491060
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-56340.json
References
- https://github.com/vllm-project/vllm/security/advisories/GHSA-mcmc-2m55-j8jj
- https://www.vulncheck.com/advisories/vllm-denial-of-service-via-unvalidated-multimodal-embeddings
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.