CVE-2026-54235
Severity: MEDIUM
vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels
Title source: cnaDescription
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, all temperature validation gates use comparison operators (<, >), which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and propagate to GPU sampling kernels, where they produce undefined behavior or CUDA errors that can crash the inference worker. This vulnerability is fixed in 0.23.1rc0.
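The failure mode described above, shown as an added example that is not vLLM's code or the upstream fix: a comparison-only guard next to one that checks finiteness first, run over constructed sample values. The function names, the lower-bound guard used as a stand-in for the comparison pattern, and the assumption that the request body is decoded with Python's standard `json` module are all illustrative.

```python
import json
import math

def naive_check(temperature):
    # Comparison-only guard (assumed stand-in for the pattern described above).
    if temperature < 0.0:  # False for NaN and for +Infinity, so both pass
        raise ValueError("temperature must be non-negative")
    return temperature

def strict_check(temperature):
    # Reject wrong types and non-finite values before any range comparison.
    if isinstance(temperature, bool) or not isinstance(temperature, (int, float)):
        raise ValueError("temperature must be a number")
    if not math.isfinite(temperature):
        raise ValueError("temperature must be a finite number")
    if temperature < 0.0:
        raise ValueError("temperature must be non-negative")
    return float(temperature)

def _reject_constant(token):
    # json calls this hook for the bare tokens NaN, Infinity and -Infinity.
    raise ValueError(f"non-finite JSON constant rejected: {token}")

def parse_strict(body):
    # Parse-time filter only; an overflowing literal such as 1e999 still
    # decodes to inf through float(), so strict_check remains necessary.
    return json.loads(body, parse_constant=_reject_constant)

def accepts(check, value):
    try:
        check(value)
        return True
    except ValueError:
        return False

# Constructed sample values, not taken from the advisory.
SAMPLES = [0.0, 0.7, -1.0, float("nan"), float("inf"), float("-inf")]

def compare():
    # (value, passes naive guard, passes strict guard)
    return [(repr(v), accepts(naive_check, v), accepts(strict_check, v))
            for v in SAMPLES]

if __name__ == "__main__":
    for row in compare():
        print(row)
```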
References (3)
x_refsource_confirm: https://github.com/vllm-project/vllm/security/advisories/GHSA-7h4p-rffg-7823
x_refsource_misc: https://github.com/vllm-project/vllm/pull/45116
x_refsource_misc: https://github.com/vllm-project/vllm/commit/d598d239737cfa37bcfcb98886ec3f3557fc7198
Scores
CVSS v3: 6.5
EPSS: 0.0026
EPSS Percentile: 17.4%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-1287
Status: published
Products (2)
vllm/vllm: < 0.23.1
vllm-project/vllm: < 0.23.1rc0
Published: Jun 22, 2026
Tracked Since: Jun 23, 2026