CVE-2026-9540

Source
https://cve.org/CVERecord?id=CVE-2026-9540
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-9540.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-9540
Aliases
Published
2026-05-26T10:30:12.648Z
Modified
2026-07-08T08:10:05.345249614Z
Severity
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
vllm-project vllm OpenAI-compatible Serving Path denial of service
Details

A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The pull request to fix this issue awaits acceptance.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/9xxx/CVE-2026-9540.json",
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-404"
    ]
}
References

Affected packages

Git / github.com/vllm-project/vllm

Affected ranges

Type
GIT
Repo
https://github.com/vllm-project/vllm
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0.19.0"
        },
        {
            "last_affected": "0.19.0"
        }
    ]
}

Affected versions

0.*
0.19.0
v0.*
v0.19.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-9540.json"