{"data":{"id":"ddfbc3e6-ecf1-4300-bf71-6e3a76904f55","title":"GHSA-3ww4-5jv9-j5gm: vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors","summary":"vLLM has a vulnerability called Artifact Pin Decay where revision pinning (locking a model to a specific version) doesn't consistently apply to all files and code that a model needs. When operators use `--revision` to lock their deployment to a reviewed version, vLLM can still load related files like weights, image processors, and configuration from the unpinned default version, breaking the safety guarantee that a pinned deployment serves only reviewed code.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-3ww4-5jv9-j5gm","publishedAt":"2026-06-10T17:11:38.000Z","cveId":"CVE-2026-47155","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["vllm@< 0.22.0 (fixed: 0.22.0)"],"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["vLLM","HuggingFace","Kimi-Audio","BGE-M3","ColBERT","Whisper"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-06-10T17:11:38.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"model","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}