CVE-2026-44223

MEDIUM EPSS 28.5%
Published May 12, 20261mo ago · Modified Jun 22, 20261w ago
6.5 CVSS 3.1
Medium
Find Similar
Published May 12, 2026 1mo ago
Last Modified Jun 22, 2026 1w ago

Description

vLLM is an inference and serving engine for large language models (LLMs). From 0.18.0 to before 0.20.0, the extract_hidden_states speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The crash is triggered when any request in the batch uses sampling penalty parameters (repetition_penalty, frequency_penalty, or presence_penalty). A single request with a penalty parameter (e.g., "repetition_penalty": 1.1) is sufficient to crash the server. This vulnerability is fixed in 0.20.0.

CVSS Details

Base Score
6.5
Exploitability
2.8
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
28.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-131
CWE-704

Affected Products 1

VendorProductVersionRange
vllmvllm*≥0.18.0  –  <0.20.0

References 2

  • github.com https://github.com/vllm-project/vllm/pull/38610
    Issue TrackingPatch
  • github.com https://github.com/vllm-project/vllm/security/advisories/GHSA-83vm-p52w-f9pw
    MitigationVendor Advisory

Remediation

  • github.com https://github.com/vllm-project/vllm/pull/38610
    Issue TrackingPatch