Out-of-bounds Write Affecting vllm package, versions [0.10.2,0.13.0)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-PYTHON-VLLM-14908857
- published31 Mar 2026
- disclosed8 Jan 2026
- creditUnknown
Introduced: 8 Jan 2026
CVE NOT AVAILABLE CWE-123 (opens in a new tab)How to fix?
Upgrade vllm to version 0.13.0 or higher.
Overview
vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs
Affected versions of this package are vulnerable to Out-of-bounds Write via the to_dense function in the Completions API endpoint when processing user-supplied prompt embeddings. An attacker can achieve memory corruption, crash the server process, or potentially execute arbitrary code by submitting maliciously crafted serialized tensors that bypass internal bounds checks.
Note:
This issue exists due to the insufficient fix for CVE-2025-62164.
Current fix adds a flag to disable/enable prompt embeds, so by default, prompt embeds feature is disabled in vLLM, which stops DoS attacks through the embeddings. However, the issue is still present when the flag is enabled.