QSearchQSearch

CVE-2026-5497

7.5 HIGH

vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame count proces...

Published: 2026-06-11 · Last updated: 2026-06-15

Severity and scoring

CVSS
7.5 HIGH
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
CWE-400

Affected products

VendorProduct
vllmvllm

Description

vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame count processing in the `VideoMediaIO.load_base64()` method. When processing `video/jpeg` data URLs, the method splits the base64 data string on commas to extract individual JPEG frames without enforcing a frame count limit. An attacker can exploit this by crafting a single API request containing thousands of comma-separated base64-encoded JPEG frames in a data URL, causing the server to decode all frames into memory and crash due to excessive memory consumption. This vulnerability is reachable via the OpenAI-compatible chat completions API and does not require authentication.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-12325 Denial-of-service in the Graphics: ImageLib component (6.5 MEDIUM)
  • CVE-2026-12319 Denial-of-service in the Audio/Video: Playback component (6.5 MEDIUM)
  • CVE-2026-50889 An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service (DoS) via sending ... (7.5 HIGH)
  • CVE-2026-50882 An issue in the /api/v0/pastes endpoint of anna-is-cute paste v0.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted PO... (7.5 HIGH)
  • CVE-2026-50879 An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service (DoS) via a ... (7.5 HIGH)