GHSA-7h4p-rffg-7823: vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels
Summary
vLLM has a validation bypass where temperature values set to NaN (not-a-number) or positive Infinity pass all safety checks because comparison operators silently return False for these special float values in Python. These invalid values then reach GPU sampling kernels, causing crashes that take down the inference worker and affect all users running models on it.
Solution / Mitigation
Add a `math.isfinite(self.temperature)` check in the `_verify_args()` function to reject non-finite float values with a 400 error. A fix was merged in https://github.com/vllm-project/vllm/pull/45116
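The comparison-only check and the `math.isfinite` fix side by side, as an added example that is not vLLM's code. It assumes the range check is a lower-bound comparison against 0; `verify_comparison_only`, `verify_finite`, `InvalidSamplingParam` and the sample values are hypothetical names and constructed inputs.

```python
import math


class InvalidSamplingParam(ValueError):
    """Hypothetical error type; an API layer would map it to an HTTP 400."""


def verify_comparison_only(temperature: float) -> None:
    # Assumed shape of a comparison-only range check (not vLLM's code).
    # NaN < 0.0 and inf < 0.0 both evaluate to False, so neither raises.
    if temperature < 0.0:
        raise InvalidSamplingParam(f"temperature must be >= 0, got {temperature}")


def verify_finite(temperature: float) -> None:
    # Finiteness is tested first, so NaN and +/-inf never reach the comparison.
    if not math.isfinite(temperature):
        raise InvalidSamplingParam(f"temperature must be finite, got {temperature}")
    if temperature < 0.0:
        raise InvalidSamplingParam(f"temperature must be >= 0, got {temperature}")


def accepted(check, value: float) -> bool:
    """True when the validator lets the value through."""
    try:
        check(value)
    except InvalidSamplingParam:
        return False
    return True


def compare(values):
    """Map repr(value) -> (passes comparison-only check, passes finite check)."""
    return {
        repr(v): (accepted(verify_comparison_only, v), accepted(verify_finite, v))
        for v in values
    }


# Constructed sample inputs: two valid values, one negative, three non-finite.
SAMPLES = [0.0, 0.7, -1.0, float("nan"), float("inf"), float("-inf")]

if __name__ == "__main__":
    for value, (old, new) in compare(SAMPLES).items():
        print(f"{value:>5}  comparison-only={old!s:<5}  with isfinite={new}")
```

Negative infinity is already rejected by the comparison, which is why only NaN and positive Infinity slip through the comparison-only version.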
Vulnerability Details
EPSS: 0.0%
June 17, 2026
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p
Original source: https://github.com/advisories/GHSA-7h4p-rffg-7823
First tracked: June 17, 2026 at 02:01 PM
Classified by LLM (prompt v3) · confidence: 95%