CVE-2026-4944

HIGH

Hardcoded trust_remote_code=True in vllm-project/vllm Bypasses User Security Control

Title source: cna

Description

vllm-project/vllm version 0.14.1 contains a vulnerability where the `trust_remote_code=True` parameter is hardcoded in two model implementation files (`vllm/model_executor/models/nemotron_vl.py` and `vllm/model_executor/models/kimi_k25.py`). This bypasses the user's explicit `--trust-remote-code=False` setting, enabling remote code execution via malicious HuggingFace model repositories. This issue is an incomplete fix for CVE-2025-66448 and CVE-2026-22807, as it affects separate code paths in model implementation files. Deployments loading NemotronVL or KimiK25 models are particularly impacted.

References (1)

Core 1

Core References

https://huntr.com/bounties/97f706f7-a852-49b2-a4eb-76811e611daf

Scores

CVSS v3 8.8

EPSS 0.0075

EPSS Percentile 49.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-22

Status published

Products (1)

vllm-project/vllm-project/vllm unspecified - latest

Published May 28, 2026

Tracked Since May 29, 2026