Vllm
AI Threat Alert tracks 31 known AI/ML vulnerabilities affecting Vllm products — each enriched with CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis. Browse every Vllm CVE below, sorted by severity and recency.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2025-62372 | vllm: security flaw enables exploitation | vllm | 6.5 |
| MEDIUM | CVE-2025-62426 | vllm: Resource Exhaustion enables DoS | vllm | 6.5 |
| HIGH | CVE-2025-66448 | vllm: Code Injection enables RCE | vllm | 8.8 |
| HIGH | CVE-2026-22773 | vllm: Resource Exhaustion enables DoS | vllm | 7.5 |
| CRITICAL | CVE-2026-22807 | vllm: Code Injection enables RCE | vllm | 9.8 |
| HIGH | CVE-2026-24779 | vllm: SSRF allows internal network access | vllm | 7.1 |
| CRITICAL | CVE-2026-22778 | vllm: security flaw enables exploitation | vllm | 9.8 |
| MEDIUM | CVE-2026-55646 | vllm | 6.5 | |
| HIGH | CVE-2026-54234 | vLLM: crafted spec-decoding request crashes GPU worker (DoS) | vllm | 7.5 |
| MEDIUM | CVE-2026-55514 | vLLM: malformed prompt embeds crash serving via M-RoPE | vllm | 6.5 |
| HIGH | CVE-2026-55574 | vLLM: unbounded regex compile hangs inference worker (ReDoS) | xgrammar | 7.5 |
Page 2 of 2
Frequently asked questions
How many known vulnerabilities affect Vllm?
31 AI/ML CVEs affecting Vllm products are tracked, sourced from NVD and GitHub Advisory.
What Vllm products are affected?
The CVEs below map to the Vllm AI/ML packages and tools tracked by AI Threat Alert; open any CVE to see the affected components and versions.
Where does the Vllm vulnerability data come from?
Data is sourced from NVD and GitHub Advisory, then enriched with CVSS severity, EPSS exploit probability, and patch status for each CVE.
How can I monitor Vllm for new vulnerabilities?
AI Threat Alert tracks Vllm continuously; a Pro subscription adds breaking alerts when new CVEs affecting Vllm are published.
How do I assess Vllm's security exposure?
Each CVE below carries CVSS severity and exploitation signals, so you can review the highest-severity Vllm issues first and judge the exposure for your stack.