Upgrade vllm to version 0.20.0 or higher.
vllm is a high-throughput and memory-efficient inference and serving engine for LLMs.
Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast via the extract_hidden_states speculative decoding method. An attacker can crash the server and disrupt service availability by submitting a request that includes penalty parameters such as repetition_penalty, frequency_penalty, or presence_penalty.
Note: This is only exploitable if the speculative decoding method is set to extract_hidden_states.
This vulnerability can be mitigated by avoiding the use of extract_hidden_states as the speculative decoding method, or by filtering penalty parameters out of incoming requests at an API gateway.
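The gateway-side mitigation can be sketched as a small request filter that drops the penalty parameters before the request is forwarded to the vllm server. This is a minimal illustration, not a vllm API: the function name and the assumption that the request body is a JSON object (Python dict) are hypothetical.

```python
# Sketch of the gateway-side mitigation: strip penalty parameters
# from an incoming request body before forwarding it to the vllm
# server. Names here are illustrative, not part of vllm.

# Parameters named in the advisory as triggering the crash.
PENALTY_PARAMS = {"repetition_penalty", "frequency_penalty", "presence_penalty"}

def strip_penalty_params(request_body: dict) -> dict:
    """Return a copy of the request body with penalty parameters removed."""
    return {k: v for k, v in request_body.items() if k not in PENALTY_PARAMS}
```

A gateway would apply this to each parsed JSON body; the original request object is left unmodified, so logging of the raw request is unaffected.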