CVE-2026-44223

Source
https://cve.org/CVERecord?id=CVE-2026-44223
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44223.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-44223
Aliases
Downstream
Published
2026-05-12T19:58:40.862Z
Modified
2026-07-08T08:02:15.809494620Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters
Details

vLLM is an inference and serving engine for large language models (LLMs). From 0.18.0 to before 0.20.0, the extracthiddenstates speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The crash is triggered when any request in the batch uses sampling penalty parameters (repetitionpenalty, frequencypenalty, or presencepenalty). A single request with a penalty parameter (e.g., "repetitionpenalty": 1.1) is sufficient to crash the server. This vulnerability is fixed in 0.20.0.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44223.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-131",
        "CWE-704"
    ]
}
References

Affected packages

Git / github.com/vllm-project/vllm

Affected ranges

Type
GIT
Repo
https://github.com/vllm-project/vllm
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "cpe": "cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0.18.0"
        },
        {
            "fixed": "0.20.0"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44223.json"