PYSEC-2026-145

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/vllm/PYSEC-2026-145.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2026-145

Aliases

CVE-2026-44223
GHSA-83vm-p52w-f9pw

Published

2026-05-12T20:16:43.293Z

Modified

2026-05-20T09:19:21.596358Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
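
The vector string reads as: network-reachable (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), and a high impact on availability only (A:H). As a minimal sketch, the vector can be split into its metrics for use in triage tooling; the function name `parse_cvss_vector` is hypothetical and not part of any advisory tooling.

```python
def parse_cvss_vector(vector: str) -> dict:
    """Split a CVSS vector string into a {metric: value} mapping.

    Hypothetical helper for illustration; it does no validation of
    metric names or values against the CVSS specification.
    """
    prefix, *metrics = vector.split("/")
    # The first component looks like "CVSS:3.1"; keep only the version.
    result = {"version": prefix.split(":", 1)[1]}
    for metric in metrics:
        key, value = metric.split(":", 1)
        result[key] = value
    return result


parsed = parse_cvss_vector("CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H")
# Availability is the only impacted property in this advisory.
availability_only = (parsed["C"], parsed["I"], parsed["A"]) == ("N", "N", "H")
```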

Summary

[none]

Details

vLLM is an inference and serving engine for large language models (LLMs). From 0.18.0 to before 0.20.0, the extract_hidden_states speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The crash is triggered when any request in the batch uses sampling penalty parameters (repetition_penalty, frequency_penalty, or presence_penalty). A single request with a penalty parameter (e.g., "repetition_penalty": 1.1) is sufficient to crash the server. This vulnerability is fixed in 0.20.0.
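
Where upgrading is not immediately possible, a front-end proxy could screen request bodies for the triggering parameters. The following is a minimal sketch, not a vetted mitigation. The helper names `uses_penalty` and `strip_penalties` are hypothetical, and the neutral values (1.0 for the repetition penalty, 0.0 for the frequency and presence penalties) are an assumption about which settings leave sampling unpenalized; the advisory does not state whether a neutral value still triggers the crash, so stripping the fields outright is the more conservative option.

```python
# Assumed neutral values: these are believed to disable each penalty.
# The advisory itself does not confirm that neutral values are safe.
NEUTRAL_PENALTIES = {
    "repetition_penalty": 1.0,
    "frequency_penalty": 0.0,
    "presence_penalty": 0.0,
}


def uses_penalty(payload: dict) -> bool:
    """Return True if the request body sets any penalty to a non-neutral value."""
    for name, neutral in NEUTRAL_PENALTIES.items():
        value = payload.get(name)
        if value is not None and float(value) != neutral:
            return True
    return False


def strip_penalties(payload: dict) -> dict:
    """Return a copy of the request body with all penalty fields removed."""
    return {k: v for k, v in payload.items() if k not in NEUTRAL_PENALTIES}


request_body = {"prompt": "Hello", "repetition_penalty": 1.1}
if uses_penalty(request_body):
    request_body = strip_penalties(request_body)
```

After this runs, `request_body` contains only the `prompt` field. Such a filter changes sampling behavior for clients that rely on penalties, so it is a stopgap at best.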

References

Affected packages

PyPI / vllm

Package

Name: vllm
Purl: pkg:pypi/vllm

Affected ranges

Type: ECOSYSTEM
Events:
Introduced: 0.18.0
Fixed: 0.20.0
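
The range above is half-open: 0.18.0 is affected and 0.20.0 is not. As a minimal sketch using only the standard library, a version string can be tested against it as follows. The helper names `release_tuple` and `is_affected` are hypothetical, and the parser only reads the leading numeric components, so pre-release or development suffixes (for example a release candidate of 0.20.0) are ignored and would need a full PEP 440 parser to be ordered correctly.

```python
import re

INTRODUCED = (0, 18, 0)  # first affected release, from the advisory
FIXED = (0, 20, 0)       # first fixed release, from the advisory


def release_tuple(version: str) -> tuple:
    """Parse the leading 'X.Y' or 'X.Y.Z' of a version string into ints."""
    match = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if match is None:
        raise ValueError(f"unrecognized version: {version!r}")
    # A missing patch component is treated as 0.
    return tuple(int(part or 0) for part in match.groups())


def is_affected(version: str) -> bool:
    """Return True if the version falls in [INTRODUCED, FIXED)."""
    return INTRODUCED <= release_tuple(version) < FIXED
```

The installed version can be obtained with `importlib.metadata.version("vllm")` and passed to `is_affected`.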

Affected versions

0.*

0.18.0

0.18.1

0.19.0

0.19.1

Database specific

source: "https://github.com/pypa/advisory-database/blob/main/vulns/vllm/PYSEC-2026-145.yaml"