CVE-2026-55514: vLLM is a library for LLM inference and serving. From 0.12.0 to before 0.24.0, sending a pure prompt embeds payload in a
Summary
vLLM is a library for running and serving large language models (LLMs, AI systems that generate text). Versions 0.12.0 through 0.23.x have a bug where sending certain specially crafted requests to the /v1/completions endpoint (an API route for generating text) with models using M-RoPE (a rotary position embedding technique) causes the server to crash and stop working entirely, and any authorized user can trigger this crash.
Solution / Mitigation
This issue is fixed in version 0.24.0. Users should upgrade to vLLM version 0.24.0 or later.
Vulnerability Details
EPSS: 0.0%
July 6, 2026
Classification
Taxonomy References
Affected Vendors
Related Issues
CVE-2026-47482: NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause missing release of memory
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-55514
First tracked: July 6, 2026 at 08:07 PM
Classified by LLM (prompt v3) · confidence: 95%