AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-56340: vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because P

highvulnerabilityLLM-Specific

security

Source: NVD/CVE DatabaseJune 20, 2026CVE-2026-56340

Summary

vLLM (a system for running large language models) versions 0.10.2 through 0.12.x lack proper validation of sparse tensors (data structures with mostly empty values) when processing multimodal embeddings (numerical representations combining text and images). An attacker can send malicious embedding requests with invalid tensor indices to crash the system, exhaust resources, or potentially corrupt memory if the prompt-embeds feature is enabled.

Vulnerability Details

CVSS Score

8.8(high)

EPSS (30-day exploit probability)

EPSS: 0.0%

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

network

Attack Complexity

low

Privileges Required

low

User Interaction

none

Disclosure Date

June 20, 2026

Classification

Attack Type

DoS

Attack SophisticationModerate

Impact (CIA+S)

availabilityintegrity

Taxonomy References

CWE (Weakness Type)

CWE-20

Affected Vendors

NVIDIA

Related Issues

medium

CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

Similar attackNVD/CVE Database

low

CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p

Similar attack

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-56340

First tracked: June 21, 2026 at 02:35 AM

Classified by LLM (prompt v3) · confidence: 92%