CVE-2026-22778
vLLM 0.8.3-0.14.0 - Information Disclosure via Multimodal Endpoint Error Handling
Severity: CRITICAL
Title source: llmDescription
vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL raises an error and vLLM returns that error text to the client, leaking a heap address. According to the advisory, this leak reduces the ASLR search space from roughly 4 billion guesses to about 8. The disclosure can be chained with a heap overflow in the JPEG2000 decoder of OpenCV/FFmpeg to achieve remote code execution. This vulnerability is fixed in 0.14.1.
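The pattern behind this advisory, as an added example (not vLLM's code and not the fix from the referenced pull requests): Pillow formats UnidentifiedImageError as "cannot identify image file %r", so when the input is a BytesIO the message carries the default object repr, "<_io.BytesIO object at 0x7f...>", which is the object's heap address. A handler that echoes str(exc) to the client ships that address. The fake_pil_open stand-in, the handler functions and the sample inputs below are constructed for illustration; Pillow itself is not required. The hardened handler returns a fixed client message and scrubs pointers before logging, which is the general mitigation, not a description of what vLLM 0.14.1 does.

```python
import io
import logging
import re

log = logging.getLogger("multimodal_example")


# Constructed stand-in for PIL.UnidentifiedImageError with the same message shape.
class UnidentifiedImageError(OSError):
    pass


def fake_pil_open(fp: io.BytesIO) -> str:
    """Hypothetical stand-in for PIL.Image.open: accepts only a PNG signature and
    otherwise raises an error formatted the way Pillow formats it ("%r" of fp)."""
    head = fp.read(8)
    fp.seek(0)
    if head == b"\x89PNG\r\n\x1a\n":
        return "decoded-image"
    raise UnidentifiedImageError(f"cannot identify image file {fp!r}")


# A raw hex pointer such as 0x7f3b2c0a1b30 anywhere in a string.
ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{6,}")
# A default CPython object repr, which embeds id() of the object.
OBJECT_REPR_RE = re.compile(r"<[\w.]+ object at 0x[0-9a-fA-F]+>")


def scrub(text: str) -> str:
    """Redact object reprs and raw hex pointers from an error message."""
    text = OBJECT_REPR_RE.sub("<object>", text)
    return ADDRESS_RE.sub("0x<redacted>", text)


def leaks_address(text: str) -> bool:
    """Detection check for response bodies or log lines: does the text carry a pointer?"""
    return ADDRESS_RE.search(text) is not None


def vulnerable_handler(image_bytes: bytes) -> dict:
    """The advisory's pattern: the decoder's exception text is echoed verbatim
    into the HTTP error body, address included."""
    try:
        fake_pil_open(io.BytesIO(image_bytes))
        return {"status": 200, "body": "ok"}
    except Exception as exc:
        return {"status": 400, "body": f"Invalid image: {exc}"}


def hardened_handler(image_bytes: bytes) -> dict:
    """Fixed client-facing message; detail stays server-side and is scrubbed so a
    log shipper does not re-leak the address either."""
    try:
        fake_pil_open(io.BytesIO(image_bytes))
        return {"status": 200, "body": "ok"}
    except Exception as exc:
        log.warning("image decode failed (%s): %s", type(exc).__name__, scrub(str(exc)))
        return {"status": 400, "body": "Invalid image"}


GARBAGE = b"not an image at all"                  # constructed invalid upload
PNG_STUB = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16    # constructed: PNG signature only


if __name__ == "__main__":
    bad = vulnerable_handler(GARBAGE)
    good = hardened_handler(GARBAGE)
    print("vulnerable:", bad["body"], "-> leaks address:", leaks_address(bad["body"]))
    print("hardened:  ", good["body"], "-> leaks address:", leaks_address(good["body"]))
```

leaks_address doubles as a cheap regression check: run it over stored 4xx/5xx bodies from any service that wraps native decoders (Pillow, OpenCV, FFmpeg bindings), since the same repr-in-message habit appears wherever a file object is interpolated with %r.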
References (4)
Vendor Advisory: https://github.com/vllm-project/vllm/security/advisories/GHSA-4r2x-xpjr-7cvv
Issue Tracking: https://github.com/vllm-project/vllm/pull/31987
Issue Tracking: https://github.com/vllm-project/vllm/pull/32319
Release Notes: https://github.com/vllm-project/vllm/releases/tag/v0.14.1
Scores
CVSS v3: 9.8 (CRITICAL)
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
EPSS: 0.0108 (percentile 60.7%)
CISA SSVC (Vulnrichment): Exploitation: none; Automatable: yes; Technical Impact: total
Details
CWE: CWE-532 (Insertion of Sensitive Information into Log File)
Status: published
Products (2)
pypi/vllm (PyPI): 0.8.3 - 0.14.1 (fixed in 0.14.1)
vllm/vllm: 0.8.3 - 0.14.1 (fixed in 0.14.1)
Published: Feb 02, 2026
Tracked Since: Feb 18, 2026