CVE-2026-54235

UNKNOWN 0.0

vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, ll temperature validation gates use comparison operators (<, >), which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and propagate to GPU sampling kernels, where they produce undefined behavior or CUDA errors that can crash the inference worker. This vulnerability is fixed in 0.23.1rc0.

CWE	CWE-1287
Vendor	vllm-project
Product	vllm
Published	Jun 22, 2026

Stay Ahead of the Next One

Get instant alerts for vllm-project vllm

Be the first to know when new unknown vulnerabilities affecting vllm-project vllm are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

vllm-project / vllm

< 0.23.1rc0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/vllm-project/vllm/security/advisories/GHSA-7h4p-rffg-7823 github.com: https://github.com/vllm-project/vllm/pull/45116 github.com: https://github.com/vllm-project/vllm/commit/d598d239737cfa37bcfcb98886ec3f3557fc7198