{"data":{"id":"2c7ca275-3e1f-49ab-857d-8bf7be6794e9","title":"CVE-2026-5497: vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded f","summary":"vLLM (an open-source tool for running large language models) versions 0.8.0 and later have a vulnerability where attackers can crash the server by sending a single request with thousands of video frames packed into one data URL. The vulnerability exists because the code that processes video frames doesn't limit how many frames it will try to load into memory, so an attacker can force it to decode so many frames that the server runs out of memory and stops working.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-5497","publishedAt":"2026-06-11T10:16:21.903Z","cveId":"CVE-2026-5497","cweIds":["CWE-400"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["vLLM"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-11T10:16:21.903Z","capecIds":["CAPEC-125","CAPEC-130"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"inference","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}