GHSA-hgg8-fqqc-vfmw: vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router
Summary
vLLM's fix for an earlier vulnerability (CVE-2026-22778) was incomplete: five code paths in the Anthropic router and the speech-to-text API still leak memory addresses. When a client sends malformed image data, the PIL library raises an error whose message contains the repr of a BytesIO object, memory address included (for example `<_io.BytesIO object at 0x7a95e299e750>`), and these five locations return that message to the client without removing the address, defeating ASLR (address space layout randomization, a security feature that randomizes where code lives in memory).
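The scrubbing step the advisory says is missing in those five code paths, as an added Python example (not vLLM's code): a constructed stand-in for PIL's failure path raises an error in the same "cannot identify image file %r" shape, and the handler strips object reprs and hex addresses before the message is returned. `decode_image_stub`, `handle_image_request`, `sanitize_error_detail` and the regexes are assumptions for this example, not vLLM identifiers.

```python
import io
import re

# A CPython object address as it appears in a default repr,
# e.g. "<_io.BytesIO object at 0x7a95e299e750>".
_OBJECT_REPR_RE = re.compile(r"<([\w.]+) object at 0x[0-9a-fA-F]+>")
_ADDRESS_RE = re.compile(r"\b0x[0-9a-fA-F]+\b")


def unsafe_error_detail(exc: BaseException) -> str:
    """The pattern the advisory describes: str(exc) forwarded verbatim."""
    return str(exc)


def sanitize_error_detail(exc: BaseException) -> str:
    """Remove object reprs, then any remaining raw address, before the text leaves the server."""
    text = str(exc)
    text = _OBJECT_REPR_RE.sub(r"<\1 object>", text)  # "<_io.BytesIO object>"
    text = _ADDRESS_RE.sub("0x<redacted>", text)      # stray addresses elsewhere
    return text


def leaks_address(text: str) -> bool:
    """Detection check a test or log filter can apply to outgoing error bodies."""
    return _ADDRESS_RE.search(text) is not None


def decode_image_stub(data: bytes) -> None:
    """Constructed stand-in for PIL's Image.open failure on unparseable bytes.
    PIL formats its UnidentifiedImageError with %r of the file object it was
    given, so a BytesIO repr (address included) ends up in the message."""
    buf = io.BytesIO(data)
    raise ValueError(f"cannot identify image file {buf!r}")


def handle_image_request(data: bytes, sanitize: bool) -> dict:
    """Build the JSON error body a router would return to the client."""
    try:
        decode_image_stub(data)
    except ValueError as exc:
        detail = sanitize_error_detail(exc) if sanitize else unsafe_error_detail(exc)
        return {"error": {"type": "invalid_request_error", "message": detail}}
    return {"ok": True}
```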
Vulnerability Details
EPSS: 0.0%
June 17, 2026
Original source: https://github.com/advisories/GHSA-hgg8-fqqc-vfmw
First tracked: June 17, 2026 at 02:01 PM