Ddos 
A new critical vulnerability has been discovered in vLLM, a widely used high-performance library for Large Language Model (LLM) inference. Tracked as CVE-2026-22778, this flaw carries a devastating CVSS score of 9.8, allowing remote attackers to execute arbitrary code on the server simply by processing a malicious video file.
The vulnerability is a one-two punch of security failures, combining an information leak with a classic heap overflow to bypass modern defenses and hijack the system.
The exploit chain is technical but deadly effective. It relies on two distinct failures working in tandem:
- The Leak: First, the attacker triggers an error in the PIL (Python Imaging Library). This error message inadvertently exposes memory addresses, allowing the attacker to bypass ASLR (Address Space Layout Randomization), a standard security feature designed to randomize memory locations and make exploits harder.
- The Overflow: With the memory layout mapped, the attacker targets the JPEG2000 decoder within the bundled OpenCV/FFmpeg libraries. By sending a crafted video file, they trigger a “heap overflow that lets us hijack code execution”.
The result is total system compromise. As the advisory explains: “Send a malicious video URL to vLLM Completions or Invocations for a video model -> Execute arbitrary commands on the server”.
What makes this vulnerability particularly dangerous is its accessibility. Default installations of vLLM, such as those pulled directly from pip or Docker, often lack authentication.
“Completely default vLLM instance… does not have authentication so ‘None’ privileges are required,” the report warns.
Even in configurations where API keys are enabled, the report notes that the exploit is still feasible through the “invocations route that allows payload to execute pre-auth,” effectively rendering standard access controls useless against this specific attack vector.
The vulnerability specifically impacts vLLM deployments that are serving video models. If you are only serving text-based models, you are safe. However, for those in the multimodal space, the risk is acute.
The affected versions are:
- vLLM: Versions >= 0.8.3 and < 0.14.1
- OpenCV: 4.x versions using the bundled FFmpeg
- FFmpeg: Version 5.1.x (bundled)
Administrators are urged to upgrade vLLM to version 0.14.1 or later immediately to patch this critical hole in their AI infrastructure.
Related Posts:
- vLLM Flaw (CVE-2025-62164) Risks Remote Code Execution via Malicious Prompt Embeddings
- Critical CVSS 9.8 RCE Flaw in vLLM Exposes AI Hosts to Remote Attacks
- Critical Remote Code Execution Vulnerability in vLLM via Mooncake Integration
- CVE-2025-32444 (CVSS 10): Critical RCE Flaw in vLLM’s Mooncake Integration Exposes AI Infrastructure
- Red Hat Unveils llm-d: Scaling Generative AI for the Enterprise
Donate