{"data":{"id":"9db90a97-9702-48de-9fb4-c01e63c7cf9a","title":"CVE-2026-54234: vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, a frontend-legal ","summary":"vLLM (a system for running LLMs efficiently) versions before 0.24.0 have a bug where certain requests can cause the rejection sampler (a component that filters generated tokens) to produce an invalid token value that crashes the engine's GPU worker. Because these requests can be sent remotely through public endpoints, an attacker can trigger this crash to shut down the service for all users until the worker restarts, creating a denial of service attack (making a service unavailable to legitimate users).","solution":"Update to vLLM version 0.24.0 or later, where this issue is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-54234","publishedAt":"2026-07-06T21:16:56.477Z","cveId":"CVE-2026-54234","cweIds":["CWE-20","CWE-1284"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["vLLM"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-06T21:16:56.477Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"inference","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}