{"data":{"id":"9476f42f-6381-496a-819c-0aa34d2d82c0","title":"CVE-2026-9540: A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component ","summary":"A vulnerability (CVE-2026-9540) was found in vllm version 0.19.0 that affects the OpenAI-compatible Serving Path component and can be exploited remotely to cause a denial of service (making a service unavailable by overwhelming it). The vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 5.5 (medium severity), and a public exploit is already available.","solution":"A pull request to fix this issue awaits acceptance (mentioned in the source as pending at https://github.com/vllm-project/vllm/pull/37594).","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-9540","publishedAt":"2026-05-26T14:16:45.803Z","cveId":"CVE-2026-9540","cweIds":["CWE-404"],"cvssScore":"5.3","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["vLLM"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-26T14:16:45.803Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"inference","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}