CVE-2026-44222— vLLM: Remote DoS via Special-Token Placeholders
Possible ATT&CK Techniques 2AI
T1499 · Endpoint Denial of Service T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| vllm-project | vllm | >= 0.6.1, < 0.20.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-44222
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
vLLM: Remote DoS via Special-Token Placeholders
Source: NVD (National Vulnerability Database)
Vulnerability Description
vLLM is an inference and serving engine for large language models (LLMs). From 0.6.1 to before 0.20.0, there is a a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder sequences supplied without matching data cause vLLM to index into empty grids during input-position computation, raising an unhandled IndexError and terminating the worker or degrading availability. Multimodal paths that rely on image_grid_thw/video_grid_thw are affected. This vulnerability is fixed in 0.20.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对数组索引的验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
vLLM 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
vLLM是vLLM开源的一个适用于 LLM 的高吞吐量和内存高效推理和服务引擎。 vLLM 0.6.1至0.20.0之前版本存在输入验证错误漏洞,该漏洞源于多模态处理中的令牌注入漏洞,可能导致未经身份验证的纯文本提示被解释为控制令牌,以及缺少匹配数据的图像和视频占位符序列导致未处理的IndexError,终止工作进程或降低可用性。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| vllm-project | vllm | >= 0.6.1, < 0.20.0 | - |
II. Public POCs for CVE-2026-44222
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-44222
请登录查看更多情报信息。
- https://github.com/vllm-project/vllm/issues/32656x_refsource_MISC
- https://github.com/vllm-project/vllm/security/advisories/GHSA-hpv8-x276-m59fx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2026-44222
IV. Related Vulnerabilities
Same product: vllm
- CVE-2026-44223
vLLM: extract_hidden_states speculative decoding crashes ser - CVE-2026-7141
vllm KV Block kv_cache_interface.py has_mamba_layers uniniti - CVE-2026-34756
vLLM Affected by Unauthenticated OOM Denial of Service via U - CVE-2026-34755
vLLM Affected by Denial of Service via Unbounded Frame Count - CVE-2026-34753
vLLM affected by Server-Side Request Forgery (SSRF) in `down
Same vendor: vllm-project
- CVE-2026-44223
vLLM: extract_hidden_states speculative decoding crashes ser - CVE-2026-34756
vLLM Affected by Unauthenticated OOM Denial of Service via U - CVE-2026-34755
vLLM Affected by Denial of Service via Unbounded Frame Count - CVE-2026-34753
vLLM affected by Server-Side Request Forgery (SSRF) in `down - CVE-2026-34760
vLLM: Downmix Implementation Differences as Attack Vectors A
Same weakness: CWE-129
- CVE-2026-44310
gitsign --verify panics on empty-certificate PKCS7 and exits - CVE-2023-31309
Power Management Firmware多版本信息泄露与可用性受损漏洞 - CVE-2026-41643
GoBGP: Remote Denial of Service (Panic) in UpdatePathAttrs4B - CVE-2026-40251
Incus out-of-bounds panic in snapshot metadata handling allo - CVE-2026-40886
Argo Workflows: Unchecked annotation parsing in pod informer
V. Comments for CVE-2026-44222
No comments yet