๐Ÿ” CVE Alert

CVE-2026-56340

HIGH 8.8

vLLM - Denial of Service via Unvalidated Multimodal Embeddings

CVSS Score: 8.8
EPSS Score: 0.0%
EPSS Percentile: 0th

vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can, when the prompt-embeds feature is enabled, submit crafted embedding requests with malformed (negative or out-of-bounds) tensor indices to trigger crashes or resource exhaustion (denial of service), with potential for out-of-bounds/write-what-where memory corruption. This issue continues CVE-2025-62164, whose prior fix only disabled the feature by default rather than addressing the root cause.

CWE: CWE-20
Vendor: vllm
Product: vllm
Published: Jun 20, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Affected Versions

vLLM / vLLM: >= 0.10.2 and < 0.13.0

References

github.com: https://github.com/vllm-project/vllm/security/advisories/GHSA-mcmc-2m55-j8jj
vulncheck.com: https://www.vulncheck.com/advisories/vllm-denial-of-service-via-unvalidated-multimodal-embeddings