CVE-2026-34753

MEDIUM LAB

vLLM affected by Server-Side Request Forgery (SSRF) in `download_bytes_from_url `

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-34753. PoCs published by Dhiaelhak-Rached.

AI-analyzed exploit summary This repository contains a functional proof-of-concept for CVE-2026-34753, demonstrating an SSRF vulnerability in vLLM's batch API. The exploit leverages the lack of URL validation in the `download_bytes_from_url` function to access internal services, such as a simulated AWS metadata service.

Description

vLLM is an inference and serving engine for large language models (LLMs). From 0.16.0 to before 0.19.0, a server-side request forgery (SSRF) vulnerability in download_bytes_from_url allows any actor who can control batch input JSON to make the vLLM batch runner issue arbitrary HTTP/HTTPS requests from the server, without any URL validation or domain restrictions. This can be used to target internal services (e.g. cloud metadata endpoints or internal HTTP APIs) reachable from the vLLM host. This vulnerability is fixed in 0.19.0.

Exploits (1)

github WORKING POC

by Dhiaelhak-Rached · pythonpoc

https://github.com/Dhiaelhak-Rached/CVE-2026-34753

View Code ZIP pw:eip

This repository contains a functional proof-of-concept for CVE-2026-34753, demonstrating an SSRF vulnerability in vLLM's batch API. The exploit leverages the lack of URL validation in the `download_bytes_from_url` function to access internal services, such as a simulated AWS metadata service.

Classification

Working Poc 95%

Attack Type

Ssrf

Complexity

Moderate

Reliability

Reliable

Target: vLLM 0.18.x

No auth needed

Prerequisites: Docker environment · network connectivity between attacker and victim containers

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1210 - Exploitation of Remote Services

devstral-2 · analyzed May 04, 2026 Full analysis →

References (1)

Core 1

Core References

X_Refsource_Confirm x_refsource_confirm

https://github.com/vllm-project/vllm/security/advisories/GHSA-pf3h-qjgv-vcpr

Scores

CVSS v3 5.4

EPSS 0.0025

EPSS Percentile 15.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Lab Environment

COMMUNITY

Community Lab

docker pull alpine/curl:latest

https://github.com/Dhiaelhak-Rached/CVE-2026-34753

View in Library

Details

CWE

CWE-918

Status published

Products (3)

pypi/vllm 0.16.0 - 0.19.0PyPI

vllm/vllm 0.16.0 - 0.19.0

vllm-project/vllm >= 0.16.0, < 0.19.0

Published Apr 06, 2026

Tracked Since Apr 06, 2026