{"data":{"id":"db53f23a-bca9-4d7f-bdd5-e405d4c58c12","title":"GHSA-hgg8-fqqc-vfmw: vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router","summary":"vLLM's fix for an earlier vulnerability (CVE-2026-22778) was incomplete, leaving five code paths in the Anthropic router and speech-to-text API that still leak memory addresses. When a client sends malformed image data, the PIL library raises an error whose message contains the memory address of a BytesIO object (for example `<_io.BytesIO object at 0x7a95e299e750>`), and these five locations return that error text to the client without stripping the address. A leaked heap address of this kind undermines ASLR (address space layout randomization, a mitigation that randomizes where code and data are placed in a process's memory), since it reveals part of the server process's memory layout to the client.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-hgg8-fqqc-vfmw","publishedAt":"2026-06-17T14:04:09.000Z","cveId":"CVE-2026-54236","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":["vllm@<= 0.23.0"],"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["vLLM","Anthropic"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-17T14:04:09.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}