Description

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face `auto_map` dynamic modules during model resolution without gating on `trust_remote_code`, allowing attacker-controlled Python code in a model repo/path to execute at server startup. An attacker who can influence the model repo/path (local directory or remote Hugging Face repo) can achieve arbitrary code execution on the vLLM host during model load. This happens before any request handling and does not require API access. Version 0.14.0 fixes the issue.

INFO

Published Date :

2026-01-21T21:13:11.894Z

Last Modified :

2026-01-22T16:50:33.696Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-22807 vulnerability.

Vendors Products
Vllm
  • Vllm
Vllm-project
  • Vllm
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-22807.

URL Resource
https://github.com/vllm-project/vllm/commit/78d13ea9de4b1ce5e4d8a5af9738fea71fb024e5 cve-icon cve-icon cve-icon
https://github.com/vllm-project/vllm/pull/32194 cve-icon cve-icon cve-icon
https://github.com/vllm-project/vllm/releases/tag/v0.14.0 cve-icon cve-icon cve-icon
https://github.com/vllm-project/vllm/security/advisories/GHSA-2pc9-4j83-qjmr cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-22807 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-22807 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact