
Description

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLLM runs in Python optimized mode (python -O or PYTHONOPTIMIZE=1). This vulnerability is fixed in 0.22.0.
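The failure mode described above, shown as an added example (not vLLM's code, and not taken from the advisory or the fix commit): an assert-based guard compiled at the optimization level that python -O uses lets an untrusted value through, while an explicit raise does not. TRUSTED_PREFIX, the function names and the sample path are assumptions made for the demonstration.

```python
import sys

# Constructed stand-in for a check on a class path read from untrusted model
# config. TRUSTED_PREFIX and the function names are assumptions for this demo,
# not vLLM identifiers.
TRUSTED_PREFIX = "torch.nn."

ASSERT_GUARD_SRC = '''
def check_with_assert(path):
    assert path.startswith(TRUSTED_PREFIX), "untrusted activation path"
    return path
'''


def build_assert_guard(optimize):
    """Compile the assert-based guard at a given optimization level."""
    # optimize=0 is the default; optimize=1 matches `python -O` and
    # PYTHONOPTIMIZE=1, where assert statements are dropped at compile time.
    ns = {"TRUSTED_PREFIX": TRUSTED_PREFIX}
    exec(compile(ASSERT_GUARD_SRC, "<demo>", "exec", optimize=optimize), ns)
    return ns["check_with_assert"]


def check_with_raise(path):
    """Hardened form: an explicit raise survives every optimization level."""
    if not isinstance(path, str) or not path.startswith(TRUSTED_PREFIX):
        raise ValueError(f"refusing to load activation from {path!r}")
    return path


def is_accepted(check, path):
    """Return True if the guard lets the path through."""
    try:
        check(path)
        return True
    except (AssertionError, ValueError):
        return False


def interpreter_strips_asserts():
    """Deployment check: True when this process runs with -O or higher."""
    return sys.flags.optimize > 0


if __name__ == "__main__":
    bad = "untrusted_pkg.Activation"  # constructed sample value
    print("default:", is_accepted(build_assert_guard(0), bad))
    print("-O     :", is_accepted(build_assert_guard(1), bad))
```

interpreter_strips_asserts() can be logged at service start-up to flag deployments where any remaining assert-based checks are inactive.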

PUBLISHED Reserved 2026-04-20 | Published 2026-06-22 | Updated 2026-06-22 | Assigner GitHub_M




HIGH: 7.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

Problem types

CWE-94: Improper Control of Generation of Code ('Code Injection')

CWE-617: Reachable Assertion

Product status

< 0.22.0
affected

References

github.com/...t/vllm/security/advisories/GHSA-q8gq-377p-jq3r

github.com/...ommit/b3c7ffcab82c2439726f8cb213800f6f38c023d3

huntr.com/bounties/dcb05b04-e625-41e7-adbc-bbae0cc2d64c

cve.org (CVE-2026-41523)

nvd.nist.gov (CVE-2026-41523)
