GHSA-3ww4-5jv9-j5gm: vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors
Summary
vLLM has a vulnerability called Artifact Pin Decay, in which revision pinning (locking a model to a specific version) is not applied consistently to every file and piece of code that a model needs. When operators use `--revision` to lock a deployment to a reviewed version, vLLM can still load related artifacts such as weights, image processors, and configuration from the unpinned default revision, breaking the guarantee that a pinned deployment serves only reviewed code.
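The following is an added illustration of the failure mode described above, written for this page; it is not vLLM's code and does not reproduce its loaders. It models a deployment as a list of artifact references, mirrors the unsafe behaviour (a loader that receives no pin resolves to the repository default), and shows a defender-side audit that flags every artifact that would not load from the reviewed revision, next to a hardened helper that forces the pin onto all of them. The manifest format, artifact kinds, repository names, and the placeholder commit hash are all assumptions made for the example.

```python
"""Pin-decay audit for a model deployment manifest (added example, not vLLM code).

An operator pins a model to one revision, but each artifact the model needs
(weights, config, tokenizer, image processor, remote code) is fetched by a
separate loader. Any loader that is not handed the pin falls back to the
repository default, which is the decay the advisory describes.
"""
from dataclasses import dataclass, field
from typing import List, Optional

# What an unpinned loader resolves to (assumed default branch name).
DEFAULT_REVISION = "main"


@dataclass
class ArtifactRef:
    kind: str                         # e.g. "weights", "config", "image_processor"
    repo_id: str                      # repository the loader fetches from
    revision: Optional[str] = None    # None: the loader was never given a pin


@dataclass
class PinAudit:
    pinned_revision: str
    decayed: List[ArtifactRef] = field(default_factory=list)     # same repo, wrong revision
    cross_repo: List[ArtifactRef] = field(default_factory=list)  # other repo, pin has no meaning

    @property
    def ok(self) -> bool:
        return not self.decayed and not self.cross_repo


def resolve_revision(ref: ArtifactRef) -> str:
    """Mirror the unsafe default: a missing pin resolves to the default branch."""
    return ref.revision if ref.revision else DEFAULT_REVISION


def audit_pins(model_repo: str, pinned_revision: str,
               artifacts: List[ArtifactRef]) -> PinAudit:
    """Report every artifact that would not load from the reviewed revision."""
    audit = PinAudit(pinned_revision=pinned_revision)
    for ref in artifacts:
        if ref.repo_id != model_repo:
            # The pin names a commit in the model repo; it says nothing about
            # a processor or config pulled from a different repository.
            audit.cross_repo.append(ref)
        elif resolve_revision(ref) != pinned_revision:
            audit.decayed.append(ref)
    return audit


def propagate_pin(model_repo: str, pinned_revision: str,
                  artifacts: List[ArtifactRef]) -> List[ArtifactRef]:
    """Hardened counterpart: force every same-repo artifact onto the pin and
    refuse cross-repo references that carry no explicit revision of their own."""
    fixed = []
    for ref in artifacts:
        if ref.repo_id == model_repo:
            fixed.append(ArtifactRef(ref.kind, ref.repo_id, pinned_revision))
        elif ref.revision is None:
            raise ValueError(
                f"{ref.kind} from {ref.repo_id} has no pinned revision; refusing to load")
        else:
            fixed.append(ref)
    return fixed


# Constructed manifest: weights and tokenizer received the pin, but the
# config and remote-code loaders did not, and the image processor is
# referenced from another repository entirely.
PINNED = "0123456789abcdef0123456789abcdef01234567"   # placeholder commit hash
MODEL_REPO = "example-org/example-vlm"                 # placeholder repository

SAMPLE_ARTIFACTS = [
    ArtifactRef("weights", MODEL_REPO, PINNED),
    ArtifactRef("config", MODEL_REPO, None),
    ArtifactRef("tokenizer", MODEL_REPO, PINNED),
    ArtifactRef("image_processor", "example-org/shared-processor", None),
    ArtifactRef("remote_code", MODEL_REPO, None),
]

if __name__ == "__main__":
    result = audit_pins(MODEL_REPO, PINNED, SAMPLE_ARTIFACTS)
    for ref in result.decayed:
        print(f"DECAYED  {ref.kind}: resolves to {resolve_revision(ref)!r}, expected {PINNED!r}")
    for ref in result.cross_repo:
        print(f"UNPINNED {ref.kind}: {ref.repo_id} lies outside the pinned repository")
```

Run against the constructed manifest, the audit reports `config` and `remote_code` as decayed and `image_processor` as an unpinned cross-repository reference. The design point is that the check is keyed on the resolved revision of each artifact rather than on the `--revision` flag alone, because the flag only proves that one loader was pinned.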
Vulnerability Details
EPSS: 0.0%
June 10, 2026
Original source: https://github.com/advisories/GHSA-3ww4-5jv9-j5gm
First tracked: June 10, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 95%