CVE-2026-9540
5.3 MEDIUM
A vulnerability was identified in vllm-project vllm 0.19.0
Published: 2026-05-26 · Last updated: 2026-05-26
Severity and scoring
- CVSS: 5.3 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- CWE: CWE-404
Description
A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The pull request to fix this issue awaits acceptance.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-9540
- [Other] https://github.com/vllm-project/vllm/
- [Other] https://github.com/vllm-project/vllm/issues/37343
- [Other] https://github.com/vllm-project/vllm/pull/37594
- [Other] https://ingero.io/debugging-vllm-latency-minimax-ollama-mcp/
- [Other] https://vuldb.com/submit/814645
- [Other] https://vuldb.com/vuln/365601
- [Other] https://vuldb.com/vuln/365601/cti
Related CVEs
Same CWE
- CVE-2026-11317 — A denial of service security issue exists in the affected product
- CVE-2026-45174 — Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon ini...
- CVE-2026-47213 — Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to ru... (6.5 MEDIUM)
- CVE-2026-11312 — A vulnerability was found in bytedance InfiniStore up to 0.2.33 (3.3 LOW)
- CVE-2026-10802 — A vulnerability was detected in keystonejs keystone up to 20260319 (4.3 MEDIUM)