{"data":{"id":"36b43c03-af06-4667-948d-974b43d4d645","title":"GHSA-7h4p-rffg-7823: vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels","summary":"vLLM has a validation bypass where temperature values set to NaN (not-a-number) or positive Infinity pass all safety checks because comparison operators silently return False for these special float values in Python. These invalid values then reach GPU sampling kernels, causing crashes that take down the inference worker and affect all users running models on it.","solution":"Add a `math.isfinite(self.temperature)` check in the `_verify_args()` function to reject non-finite float values with a 400 error. A fix was merged in https://github.com/vllm-project/vllm/pull/45116","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-7h4p-rffg-7823","publishedAt":"2026-06-17T14:02:22.000Z","cveId":"CVE-2026-54235","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":["vllm@<= 0.23.0"],"affectedVendors":[],"affectedVendorsRaw":["vLLM"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-17T14:02:22.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"inference","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}