CVE-2026-7141

Source
https://cve.org/CVERecord?id=CVE-2026-7141
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-7141.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-7141
Aliases
Related
Published
2026-04-27T16:45:12.662Z
Modified
2026-07-15T01:48:52.052550816Z
Severity
  • 2.9 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
vllm KV Block kv_cache_interface.py has_mamba_layers uninitialized resource
Details

A vulnerability was found in vllm up to 0.19.0. The affected element is the function hasmambalayers of the file vllm/v1/kvcacheinterface.py of the component KV Block Handler. Performing a manipulation results in uninitialized resource. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is described as difficult. The exploit has been made public and could be used. The patch is named 1ad67864c0c20f167929e64c875f5c28e1aad9fd. To fix this issue, it is recommended to deploy a patch.

Database specific
{
    "cwe_ids": [
        "CWE-908"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/7xxx/CVE-2026-7141.json",
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/ajanubolu/vllm

Affected ranges

Type
GIT
Repo
https://github.com/ajanubolu/vllm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}
Type
GIT
Repo
https://github.com/vllm-project/vllm
Events
Database specific
{
    "cpe": "cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0.1"
        },
        {
            "last_affected": "0.1"
        },
        {
            "introduced": "0.2"
        },
        {
            "last_affected": "0.2"
        },
        {
            "introduced": "0.3"
        },
        {
            "last_affected": "0.3"
        },
        {
            "introduced": "0.4"
        },
        {
            "last_affected": "0.4"
        },
        {
            "introduced": "0.5"
        },
        {
            "last_affected": "0.5"
        },
        {
            "introduced": "0.6"
        },
        {
            "last_affected": "0.6"
        },
        {
            "introduced": "0.7"
        },
        {
            "last_affected": "0.7"
        },
        {
            "introduced": "0.8"
        },
        {
            "last_affected": "0.8"
        },
        {
            "introduced": "0.9"
        },
        {
            "last_affected": "0.9"
        },
        {
            "introduced": "0.10"
        },
        {
            "last_affected": "0.10"
        },
        {
            "introduced": "0.11"
        },
        {
            "last_affected": "0.11"
        },
        {
            "introduced": "0.12"
        },
        {
            "last_affected": "0.12"
        },
        {
            "introduced": "0.13"
        },
        {
            "last_affected": "0.13"
        },
        {
            "introduced": "0.14"
        },
        {
            "last_affected": "0.14"
        },
        {
            "introduced": "0.15"
        },
        {
            "last_affected": "0.15"
        },
        {
            "introduced": "0.16"
        },
        {
            "last_affected": "0.16"
        },
        {
            "introduced": "0.17"
        },
        {
            "last_affected": "0.17"
        },
        {
            "introduced": "0.18"
        },
        {
            "last_affected": "0.18"
        },
        {
            "introduced": "0.19.0"
        },
        {
            "last_affected": "0.19.0"
        },
        {
            "introduced": "0"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ]
}

Affected versions

0.*
0.1
0.10
0.11
0.12
0.13
0.14
0.15
0.16
0.17
0.18
0.19.0
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
v0.*
v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.10.0
v0.10.0rc1
v0.10.0rc2
v0.10.1rc1
v0.10.2rc1
v0.10.2rc2
v0.11.0rc1
v0.11.1
v0.11.1rc0
v0.11.1rc1
v0.11.1rc2
v0.11.1rc3
v0.11.1rc4
v0.11.1rc5
v0.11.1rc6
v0.13.0rc1
v0.14.0rc0
v0.14.0rc1
v0.15.0rc1
v0.15.2rc0
v0.16.0rc0
v0.16.0rc1
v0.17.0rc0
v0.17.1rc0
v0.17.2rc0
v0.18.0rc0
v0.18.1rc0
v0.19.0
v0.19.0rc0
v0.19.0rc1
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.2.7
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.4.0
v0.4.0.post1
v0.4.1
v0.4.2
v0.4.3
v0.5.0
v0.5.0.post1
v0.5.1
v0.5.2
v0.5.3
v0.5.3.post1
v0.5.4
v0.5.5
v0.6.0
v0.6.1
v0.6.1.post1
v0.6.1.post2
v0.6.2
v0.6.3
v0.6.3.post1
v0.6.4
v0.6.4.post1
v0.6.5
v0.6.6
v0.6.6.post1
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.8.0rc1
v0.8.0rc2
v0.8.1
v0.8.2
v0.8.3rc1
v0.8.4
v0.9.0
v0.9.1
v0.9.1rc1
v0.9.1rc2
v0.9.2rc1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-7141.json"