CVE-2026-47155

MEDIUM 6.5

vLLM: Artifact Pin Decay in vLLM allows pinned deployments to load unpinned code, weights, and processors

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

0th

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an unpinned/default revision. This is a supply-chain integrity issue for pinned vLLM deployments. Operators can believe they are serving a reviewed model revision while vLLM resolves behavior-affecting nested or sibling artifacts outside that reviewed revision. This vulnerability is fixed in 0.22.0.

CWE	CWE-345
Vendor	vllm-project
Product	vllm
Published	Jun 22, 2026

Stay Ahead of the Next One

Get instant alerts for vllm-project vllm

Be the first to know when new medium vulnerabilities affecting vllm-project vllm are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

None

Affected Versions

vllm-project / vllm

< 0.22.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/vllm-project/vllm/security/advisories/GHSA-3ww4-5jv9-j5gm github.com: https://github.com/vllm-project/vllm/pull/42616 github.com: https://github.com/vllm-project/vllm/commit/d26a28ab033697f55a1414b5b0435de7cd6045b6 huntr.com: https://huntr.com/bounties/3f1e24c0-87d2-4f6c-a705-820f380879ac