CVE-2026-25960
SSRF Protection Bypass in vLLM
| Score | Value |
| --- | --- |
| CVSS Score | 7.1 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
vLLM is an inference and serving engine for large language models (LLMs). The SSRF protection fix for CVE-2026-24779, added in 0.15.1, can be bypassed in the load_from_url_async method because the validation layer and the actual HTTP client parse URLs differently. The SSRF fix uses urllib3.util.parse_url() to validate and extract the hostname from user-provided URLs. However, load_from_url_async uses aiohttp to make the actual HTTP request, and aiohttp internally relies on the yarl library for URL parsing, so the host that is validated is not necessarily the host that is connected to. This vulnerability is fixed in 0.17.0.
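The root cause described above is a parser differential: the validator extracts a hostname with one URL parser while the HTTP client connects using another. The following is an added defensive example, not vLLM's code and not the fix from the referenced pull request. It assumes the function names `validate_outbound_url` and `is_safe` (hypothetical), treats `yarl` as optional so the block runs with only the standard library, and shows the two mitigations a reviewer would look for: rejecting ambiguous URL forms outright, and cross-checking the validator's hostname against the hostname the client's parser (yarl, when installed) would actually use, refusing the request on any disagreement.

```python
"""Defensive outbound-URL validation against parser differentials.

Added example; not vLLM's code. The advisory states that validation used
urllib3.util.parse_url() while aiohttp made the request through yarl. When
two parsers disagree about a URL's host, the validator checks one host and
the client connects to another. This module (a) rejects URL forms that
parsers are known to treat differently and (b) cross-checks the stdlib
parser against yarl when yarl is importable, rejecting on any mismatch.
"""
import ipaddress
from urllib.parse import urlsplit

try:  # yarl is the parser aiohttp uses; optional here so the block runs without it
    import yarl
except ImportError:  # assumption: fall back to stdlib-only checking
    yarl = None

ALLOWED_SCHEMES = {"http", "https"}


class UnsafeURL(ValueError):
    """Raised when a URL must not be fetched."""


def _stdlib_host(url: str) -> str:
    """Extract the host with the stdlib parser, rejecting ambiguous forms."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeURL("scheme not allowed")
    # Userinfo ("user@host") is a classic source of host confusion.
    if parts.username is not None or parts.password is not None:
        raise UnsafeURL("userinfo not allowed")
    # Backslashes and whitespace in the authority are parsed inconsistently.
    if any(c in parts.netloc for c in "\\ \t\r\n"):
        raise UnsafeURL("ambiguous authority component")
    host = parts.hostname  # lowercased, IPv6 brackets stripped
    if not host:
        raise UnsafeURL("empty host")
    return host.lower()


def _client_host(url: str):
    """Host as the HTTP client's parser sees it, or None if yarl is absent."""
    if yarl is None:
        return None
    return (yarl.URL(url).host or "").lower()


def _is_blocked_ip(host: str) -> bool:
    """True if the host is an IP literal in a non-public range."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name; resolved addresses need a connect-time check
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_outbound_url(url: str) -> str:
    """Return the validated host, or raise UnsafeURL."""
    host = _stdlib_host(url)
    client_host = _client_host(url)
    # The core mitigation: the host we validate must be the host we connect to.
    if client_host is not None and client_host != host:
        raise UnsafeURL(f"parser disagreement: {host!r} vs {client_host!r}")
    if _is_blocked_ip(host):
        raise UnsafeURL("host is a non-public address")
    return host


def is_safe(url: str) -> bool:
    """Boolean wrapper; any parser error counts as unsafe."""
    try:
        validate_outbound_url(url)
        return True
    except (UnsafeURL, ValueError):
        return False


if __name__ == "__main__":
    # Constructed sample inputs for illustration.
    for sample in ("https://example.com/model.bin", "http://127.0.0.1/",
                   "http://169.254.169.254/latest/", "http://user@example.com/",
                   "file:///etc/hosts"):
        print(f"{sample:40} -> {'allow' if is_safe(sample) else 'reject'}")
```

The cross-check is the part that addresses this class of bug directly: if the validator and the client ever disagree about the host, the safe behaviour is to refuse rather than to trust either side. Note that an IP-range check on a hostname string is not sufficient on its own; a DNS name can resolve to a private address, so the same blocklist should also be applied to the resolved addresses at connect time (for aiohttp, via a custom resolver or connector), which this block deliberately does not attempt offline.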
| Field | Value |
| --- | --- |
| CWE | CWE-918 |
| Vendor | vllm-project |
| Product | vllm |
| Published | Mar 9, 2026 |
| Last Updated | Mar 10, 2026 |
CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

| Metric | Value |
| --- | --- |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | None |
| Availability | Low |
Affected Versions
vllm-project / vllm
>= 0.15.1, < 0.17.0
References

- github.com: https://github.com/vllm-project/vllm/security/advisories/GHSA-v359-jj2v-j536
- github.com: https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc
- github.com: https://github.com/vllm-project/vllm/pull/34743
- github.com: https://github.com/vllm-project/vllm/commit/6f3b2047abd4a748e3db4a68543f8221358002c0