PYSEC-2026-2302

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/vllm/PYSEC-2026-2302.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-2302
Aliases
Published
2026-06-11T10:16:21.903Z
Modified
2026-07-13T07:15:46.584903724Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame count processing in the VideoMediaIO.load_base64() method. When processing video/jpeg data URLs, the method splits the base64 data string on commas to extract individual JPEG frames without enforcing a frame count limit. An attacker can exploit this by crafting a single API request containing thousands of comma-separated base64-encoded JPEG frames in a data URL, causing the server to decode all frames into memory and crash due to excessive memory consumption. This vulnerability is reachable via the OpenAI-compatible chat completions API and does not require authentication.

References

Affected packages

PyPI / vllm

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.8.0
Fixed
0.19.0

Affected versions

0.*
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.8.5.post1
0.9.0
0.9.0.1
0.9.1
0.9.2
0.10.0
0.10.1
0.10.1.1
0.10.2
0.11.0
0.11.1
0.11.2
0.12.0
0.13.0
0.14.0
0.14.1
0.15.0
0.15.1
0.16.0
0.17.0
0.17.1
0.18.0
0.18.1

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/vllm/PYSEC-2026-2302.yaml"