{"data":{"id":"97083055-abe2-4a31-b778-7ee97759ddab","title":"CVE-2026-34760: vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before version 0.18.0, L","summary":"vLLM versions 0.5.5 through 0.17.x have a bug where Librosa (a library that processes audio) uses a simple averaging method for mono downmixing (converting multi-channel audio to single-channel), but the international standard ITU-R BS.775-4 requires a weighted algorithm instead. This causes audio to sound different to humans than what AI models actually process, creating a mismatch in how the same audio is experienced.","solution":"This issue has been patched in version 0.18.0.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-34760","publishedAt":"2026-04-02T20:16:25.437Z","cveId":"CVE-2026-34760","cweIds":["CWE-20"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["vLLM","Librosa","transformers"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L","attackVector":"network","attackComplexity":"high","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-02T20:16:25.437Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"inference","llmSpecific":true,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}