CVE-2026-54236

Source
https://cve.org/CVERecord?id=CVE-2026-54236
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-54236.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-54236
Aliases
Downstream
Related
Published
2026-06-22T22:09:15.034Z
Modified
2026-07-08T08:13:45.224285305Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router
Details

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a sanitizemessage helper that strips object-repr memory addresses from error messages before they reach the client, is incomplete: several response paths echo str(exc) directly to clients without calling sanitizemessage. The unsanitized sites include the Anthropic API router in vllm/entrypoints/anthropic/apirouter.py (the POST /v1/messages and POST /v1/messages/counttokens handlers), the Server-Sent Events streaming converter in vllm/entrypoints/anthropic/serving.py, and the realtime speech-to-text WebSocket in vllm/entrypoints/speechtotext/realtime/connection.py. These paths catch the exception inside the route coroutine and construct the JSONResponse themselves, bypassing the sanitizing global FastAPI exception handler, and WebSocket frames do not traverse that handler chain at all. Using the same primitive as the parent issue, an unauthenticated attacker can send malformed image bytes through the Anthropic Messages API image content parts so that PIL.Image.open raises an UnidentifiedImageError whose message contains the BytesIO object repr, leaking the heap memory address verbatim in the error.message field of the response body. This vulnerability is fixed in 0.23.1rc0.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/54xxx/CVE-2026-54236.json",
    "cwe_ids": [
        "CWE-532"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/vllm-project/vllm

Affected ranges

Type
GIT
Repo
https://github.com/vllm-project/vllm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.23.1rc0"
        }
    ]
}

Affected versions

Other
submission
v0.*
v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.10.0
v0.10.0rc1
v0.10.0rc2
v0.10.1rc1
v0.10.2rc1
v0.10.2rc2
v0.11.0rc1
v0.11.1
v0.11.1rc0
v0.11.1rc1
v0.11.1rc2
v0.11.1rc3
v0.11.1rc4
v0.11.1rc5
v0.11.1rc6
v0.13.0rc1
v0.14.0rc0
v0.14.0rc1
v0.15.0rc1
v0.15.2rc0
v0.16.0rc0
v0.16.0rc1
v0.17.0rc0
v0.17.1rc0
v0.17.2rc0
v0.18.0rc0
v0.18.1rc0
v0.18.2rc0
v0.19.1rc0
v0.19.2rc0
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.2.7
v0.20.1rc0
v0.20.2rc0
v0.21.1rc0
v0.22.1rc0
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.4.0
v0.4.0.post1
v0.4.1
v0.4.2
v0.4.3
v0.5.0
v0.5.0.post1
v0.5.1
v0.5.2
v0.5.3
v0.5.3.post1
v0.5.4
v0.5.5
v0.6.0
v0.6.1
v0.6.1.post1
v0.6.1.post2
v0.6.2
v0.6.3
v0.6.3.post1
v0.6.4
v0.6.4.post1
v0.6.5
v0.6.6
v0.6.6.post1
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.8.0rc1
v0.8.0rc2
v0.8.1
v0.8.2
v0.8.3rc1
v0.8.4
v0.9.0
v0.9.1
v0.9.1rc1
v0.9.1rc2
v0.9.2rc1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-54236.json"