Uncaught Exception Affecting vllm package, versions [,0.24.0)


Severity

Recommended
0.0
high
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.34% (27th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-PYTHON-VLLM-17872259
  • published6 Jul 2026
  • disclosed6 Jul 2026
  • creditUnknown

Introduced: 6 Jul 2026

NewCVE-2026-54234  (opens in a new tab)
CWE-248  (opens in a new tab)

How to fix?

Upgrade vllm to version 0.24.0 or higher.

Overview

vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs

Affected versions of this package are vulnerable to Uncaught Exception through the rejection sampler process. An attacker can cause the engine worker to crash and abort concurrent requests by sending specially crafted generation requests via the public gRPC Generate and Abort endpoints, resulting in a service-wide outage for other clients until the worker is restarted.

CVSS Base Scores

version 4.0
version 3.1