Description
vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64() method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num_frames parameter (default: 32), which is enforced by the load_bytes() code path, is completely bypassed in the video/jpeg base64 path. An attacker can send a single API request containing thousands of comma-separated base64-encoded JPEG frames, causing the server to decode all frames into memory and crash with OOM. This vulnerability is fixed in 0.19.0.
Published: 2026-04-06
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

vLLM, an inference engine for large language models, has a flaw that permits an attacker to trigger an out‑of‑memory condition by sending a single API request containing thousands of comma‑separated base64‑encoded JPEG frames. The VideoMediaIO.load_base64() method in versions 0.7.0–0.18.x parses video/jpeg data URLs by splitting the string on commas but does not enforce the usual frame‑count limit. Consequently, every frame is decoded into memory, leading to a denial‑of‑service when the server exhausts available memory.
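An added illustration of the weakness class described above (CWE-770), written for this page and not taken from vLLM's code or its 0.19.0 fix: the first function decodes every comma-separated chunk, the second enforces the frame limit before any decoding happens. All function names are hypothetical, the sample frames are constructed placeholder bytes rather than real JPEG data, and rejecting the request (instead of, say, sub-sampling) is an assumption of this sketch.

```python
import base64
import binascii

DEFAULT_NUM_FRAMES = 32  # default value the advisory gives for num_frames


class TooManyFramesError(ValueError):
    """Raised when a video/jpeg payload carries more frames than allowed."""


def split_jpeg_frames_unbounded(data: str) -> list[bytes]:
    # Pattern the advisory describes: every comma-separated chunk is decoded,
    # so memory use scales with whatever frame count the client chose.
    return [base64.b64decode(chunk) for chunk in data.split(",")]


def split_jpeg_frames_bounded(data: str,
                              num_frames: int = DEFAULT_NUM_FRAMES) -> list[bytes]:
    if num_frames <= 0:
        raise ValueError("num_frames must be positive")
    # Count separators before splitting or decoding. str.count() allocates
    # nothing per frame, so an oversized request is rejected cheaply.
    frame_count = data.count(",") + 1
    if frame_count > num_frames:
        raise TooManyFramesError(
            f"{frame_count} frames exceeds limit of {num_frames}")
    frames = []
    for index, chunk in enumerate(data.split(",")):
        try:
            # validate=True rejects non-alphabet characters instead of
            # silently discarding them.
            frames.append(base64.b64decode(chunk, validate=True))
        except binascii.Error as exc:
            raise ValueError(f"frame {index} is not valid base64") from exc
    return frames


def constructed_payload(n: int) -> str:
    # Constructed sample input: short placeholder bytes, not real JPEG frames.
    return ",".join(
        base64.b64encode(b"frame-%d" % i).decode() for i in range(n))
```

A limit on total request body size at the API gateway complements the per-request frame limit, since each frame's size is also attacker-controlled.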

Affected Systems

vLLM library, maintained by the vllm‑project, versions 0.7.0 through 0.18.x are affected. Any deployment that relies on the VideoMediaIO.load_base64() path for handling video/jpeg data URLs is vulnerable.

Risk and Exploitability

The vulnerability carries a CVSS base score of 6.5, reflecting moderate severity. No EPSS data is available and the flaw is not listed in the CISA KEV catalog, indicating that it has not been widely exploited yet. An attacker must have network access to the model‑serving endpoint and can exploit the flaw by sending a malicious API request with a large number of comma‑separated base64 frames. The absence of a frame‑count limit means the attack will succeed as long as the request reaches the server, leading to an out‑of‑memory crash and denial of service.

Generated by OpenCVE AI on April 6, 2026 at 20:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to vLLM version 0.19.0 or later

Advisories
Source: Github GHSA
ID: GHSA-pq5c-rjhq-qp7p
Title: vLLM: Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing
History

Tue, 07 Apr 2026 00:00:00 +0000

Type: First Time appeared
Values Added: Vllm-project; Vllm-project vllm

Type: Vendors & Products
Values Added: Vllm-project; Vllm-project vllm

Type: References

Type: Metrics
Values Removed: threat_severity: None
Values Added: threat_severity: Important


Mon, 06 Apr 2026 20:00:00 +0000

Type: Metrics
Values Added: ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 06 Apr 2026 16:45:00 +0000

Type: Description
Values Added: vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64() method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num_frames parameter (default: 32), which is enforced by the load_bytes() code path, is completely bypassed in the video/jpeg base64 path. An attacker can send a single API request containing thousands of comma-separated base64-encoded JPEG frames, causing the server to decode all frames into memory and crash with OOM. This vulnerability is fixed in 0.19.0.

Type: Title
Values Added: vLLM Affected by Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing

Type: Weaknesses
Values Added: CWE-770

Type: References

Type: Metrics
Values Added: cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-06T18:36:31.152Z

Reserved: 2026-03-30T19:17:10.225Z

Link: CVE-2026-34755

Vulnrichment

Updated: 2026-04-06T18:36:26.827Z

NVD

Status: Received

Published: 2026-04-06T16:16:36.463

Modified: 2026-04-06T16:16:36.463

Link: CVE-2026-34755

Redhat

Severity: Important

Public Date: 2026-04-06T15:38:53Z

Links: CVE-2026-34755 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-06T21:31:53Z

Weaknesses