{"data":{"id":"2ba12c77-2687-43c7-adbc-0c285e06e34b","title":"CVE-2026-55514: vLLM is a library for LLM inference and serving. From 0.12.0 to before 0.24.0, sending a pure prompt embeds payload in a","summary":"vLLM is a library for running and serving large language models (LLMs, AI systems that generate text). Versions 0.12.0 through 0.23.x have a bug where sending certain specially crafted requests to the /v1/completions endpoint (an API route for generating text) with models using M-RoPE (a rotary position embedding technique) causes the server to crash and stop working entirely, and any authorized user can trigger this crash.","solution":"This issue is fixed in version 0.24.0. Users should upgrade to vLLM version 0.24.0 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-55514","publishedAt":"2026-07-06T21:16:57.207Z","cveId":"CVE-2026-55514","cweIds":["CWE-617"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["vLLM"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-06T21:16:57.207Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"inference","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}