GHSA-q8gq-377p-jq3r: vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution
highvulnerability
security
Summary
vLLM has a security vulnerability where an `assert` statement (a line of code that checks a condition) used to restrict which activation functions can be loaded is removed when Python runs in optimized mode, allowing attackers to publish malicious models on HuggingFace that execute arbitrary code when loaded.
Solution / Mitigation
Replace the `assert` with an explicit conditional raise. The source provides this fix: `if not function_name.startswith("torch.nn.modules."): raise ValueError("Loading of activation functions is restricted to torch.nn.modules for security reasons")`
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.0%
Patch Available
Yes
Disclosure Date
June 16, 2026
Classification
Attack Type
Supply Chain
Attack SophisticationTrivial
Impact (CIA+S)
integrityconfidentiality
Taxonomy References
MITRE ATLAS (AI/ML Threat Technique)
Affected Vendors
HuggingFace
Affected Packages
vllm@< 0.22.0 (fixed: 0.22.0)
Related Issues
Monthly digest — independent AI security research
Original source: https://github.com/advisories/GHSA-q8gq-377p-jq3r
First tracked: June 16, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 95%