{"data":{"id":"6fa7a9d2-9ac5-471b-8e3e-ab7d191bc9bb","title":"CVE-2026-56340: vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because P","summary":"vLLM (a system for running large language models) versions 0.10.2 through 0.12.x lack proper validation of sparse tensors (data structures with mostly empty values) when processing multimodal embeddings (numerical representations combining text and images). An attacker can send malicious embedding requests with invalid tensor indices to crash the system, exhaust resources, or potentially corrupt memory if the prompt-embeds feature is enabled.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-56340","publishedAt":"2026-06-20T19:16:23.567Z","cveId":"CVE-2026-56340","cweIds":["CWE-20"],"cvssScore":"8.8","cvssSeverity":"high","severity":"high","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["NVIDIA"],"affectedVendorsRaw":["vLLM"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-20T19:16:23.567Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability","integrity"],"aiComponentTargeted":"inference","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}