GHSA-94f4-hr76-p5j6: vLLM: OpenAI auth bypass
Summary
vLLM has an authentication bypass vulnerability in its OpenAI API protection. An attacker can send a request whose Host header contains special characters such as `/` or `?`, tricking the authentication check into evaluating the wrong URL path and allowing use of the API without the required `VLLM_API_KEY`. This only affects vLLM instances exposed directly to attackers; those behind a proper web server like nginx are protected.
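A defensive check for the condition the summary describes, added here as an example and not taken from vLLM or the advisory: it rejects Host values that contain anything other than `host[:port]` and reports the path a URL parser would derive if a check rebuilt the URL from the Host header. The function names, the strict allowlist and the sample records are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Strict allowlist for Host: hostname/IPv4 or bracketed IPv6, optional port.
# Deliberately narrower than RFC 3986 reg-name (assumption for this example).
_HOST_RE = re.compile(r"(?:\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(?::[0-9]{1,5})?")


def host_is_well_formed(host: str) -> bool:
    """True only if the Host value is nothing but host[:port]."""
    return _HOST_RE.fullmatch(host) is not None


def path_from_rebuilt_url(host: str, raw_path: str):
    """Path seen by a check that rebuilds a URL from Host + path and parses it.

    Models the class of check the summary describes, not vLLM's actual code.
    Returns None when the rebuilt URL cannot be parsed at all.
    """
    try:
        return urlsplit(f"http://{host}{raw_path}").path
    except ValueError:
        return None


def audit(records):
    """Return (host, raw_path, parsed_path) for every record to reject."""
    findings = []
    for host, raw_path in records:
        if not host_is_well_formed(host):
            findings.append((host, raw_path, path_from_rebuilt_url(host, raw_path)))
    return findings


# Constructed sample records (Host header, request path); not real traffic.
SAMPLE = [
    ("api.example.test:8000", "/v1/models"),
    ("api.example.test/x", "/v1/models"),
    ("api.example.test?x", "/v1/models"),
    ("[::1]:8000", "/v1/models"),
]

if __name__ == "__main__":
    for host, raw_path, parsed in audit(SAMPLE):
        print(f"reject Host={host!r}: request path {raw_path!r}, parser sees {parsed!r}")
```

In both flagged records the parsed path differs from the path the server actually routes, which is the mismatch an authentication check must never depend on.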
Vulnerability Details
EPSS: 0.0%
Yes
June 16, 2026
Original source: https://github.com/advisories/GHSA-94f4-hr76-p5j6
First tracked: June 16, 2026 at 02:00 PM