Description
vLLM is an inference and serving engine for large language models (LLMs). From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionRequest Pydantic models, an unauthenticated attacker can send a single HTTP request with an astronomically large n value. This completely blocks the Python asyncio event loop and causes immediate Out-Of-Memory crashes by allocating millions of request object copies in the heap before the request even reaches the scheduling queue. This vulnerability is fixed in 0.19.0.
Published: 2026-04-06
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: Denial of Service via Out-Of-Memory
Action: Apply Patch
AI Analysis

Impact

An attacker who can reach the OpenAI‑compatible API server of vLLM can send a single HTTP request whose n parameter (the number of completions to generate for one prompt) is set to an astronomically large value. Because ChatCompletionRequest and CompletionRequest do not enforce an upper bound on n, the server materialises one request object per requested completion before the request reaches the scheduling queue. That expansion runs on the Python asyncio event loop, so the process stops serving other clients while it runs, and the allocations exhaust heap memory and end in an Out‑of‑Memory crash that takes the process down. The root cause is an unbounded numeric input: CWE‑770 (allocation of resources without limits or throttling); the record also lists CWE‑1284 (improper validation of a specified quantity in input).
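As an added illustration of the pattern (not vLLM's own code, and written with the standard library instead of Pydantic so it runs anywhere), the following places a request model that type-checks n without capping it beside one that enforces a bound before any per-completion object is created. MAX_N, the parse_* function names, fan_out and the sample bodies are assumptions made for this example; vLLM's actual limit is not stated on this page.

```python
"""Bounded vs. unbounded parsing of the OpenAI-style `n` parameter.

Added illustration, not vLLM's code. Only the standard library is used to
mirror the weakness described in the advisory: a request model that
type-checks `n` but never caps it, beside one that rejects an oversized `n`
before the server fans the request out into per-completion copies.
MAX_N is an assumed cap chosen for the example.
"""
import json
from dataclasses import dataclass

MAX_N = 128  # assumed cap for illustration only; not vLLM's value


class RequestRejected(ValueError):
    """Raised for a request that fails validation (maps to an HTTP 4xx)."""


@dataclass(frozen=True)
class CompletionRequest:
    model: str
    prompt: str
    n: int = 1


def _as_int(value, name: str) -> int:
    # bool is a subclass of int in Python, so reject it explicitly; also
    # reject floats such as 2.0, which json.loads produces from "2.0".
    if isinstance(value, bool) or not isinstance(value, int):
        raise RequestRejected(f"{name} must be an integer")
    return value


def parse_unbounded(body: bytes) -> CompletionRequest:
    """Weak pattern: `n` is type-checked only, so any integer is accepted."""
    data = json.loads(body)
    return CompletionRequest(
        model=str(data["model"]),
        prompt=str(data["prompt"]),
        n=_as_int(data.get("n", 1), "n"),
    )


def parse_bounded(body: bytes, max_n: int = MAX_N) -> CompletionRequest:
    """Hardened pattern: bound `n` at the model boundary, before fan-out."""
    data = json.loads(body)
    n = _as_int(data.get("n", 1), "n")
    if n < 1:
        raise RequestRejected("n must be >= 1")
    if n > max_n:
        raise RequestRejected(f"n must be <= {max_n}")
    return CompletionRequest(
        model=str(data["model"]),
        prompt=str(data["prompt"]),
        n=n,
    )


def fan_out(req: CompletionRequest) -> list:
    """Models the server expanding one request into n per-sample copies.

    Fed by parse_unbounded, this loop is where an astronomically large n
    becomes millions of heap objects built on the event loop; fed by
    parse_bounded, it can never receive more than max_n.
    """
    return [CompletionRequest(req.model, req.prompt, 1) for _ in range(req.n)]


# Constructed sample bodies for the example (not captured traffic).
BENIGN = b'{"model": "demo", "prompt": "hello", "n": 2}'
HOSTILE = b'{"model": "demo", "prompt": "hello", "n": 1000000000000}'


def demo() -> dict:
    """Run both parsers over the samples and report what each accepted."""
    result = {
        "benign_n": parse_bounded(BENIGN).n,
        "unbounded_accepts": parse_unbounded(HOSTILE).n,
    }
    try:
        parse_bounded(HOSTILE)
        result["bounded_accepts"] = True
    except RequestRejected:
        result["bounded_accepts"] = False
    return result


if __name__ == "__main__":
    print(demo())
```

The point of the hardened parser is where the check sits: it runs on the raw integer, before anything proportional to n is allocated. In a Pydantic model the same constraint is expressed on the field itself, for example `n: int = Field(default=1, ge=1, le=MAX_N)`, so the request is rejected during deserialisation rather than after fan-out has begun.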

Affected Systems

The vulnerability affects the vLLM inference and serving engine released by the vllm‑project organization. Any deployment based on version 0.1.0 up through 0.18.x (i.e., before 0.19.0) is susceptible when the API server is reachable from untrusted clients. Versions 0.19.0 and newer contain the fix.

Risk and Exploitability

The CVSS 3.1 base score of 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) rates the issue Medium; Red Hat rates it Important. Note that the vector scores PR:L (low privileges) while the advisory title and description call the attacker unauthenticated: the two agree only where the endpoint is deployed behind vLLM's optional API key (the server's --api-key option); in a deployment with no key configured, anyone who can reach the port can trigger the crash. No public exploit is recorded (no EPSS score, not in KEV), but the trigger is a single HTTP request carrying a large n, with no race, timing window or prior knowledge of the deployment required. The impact is confined to availability: the process dies with an Out‑of‑Memory error and must be restarted, and every request in flight at that moment is lost.

Generated by OpenCVE AI on April 6, 2026 at 20:05 UTC.

Remediation

The vendor fix is vLLM 0.19.0 (see advisory GHSA-3mwp-wvh9-7528). No workaround for earlier versions is documented on this page.

OpenCVE Recommended Actions

  • Upgrade vLLM to version 0.19.0 or later
  • Until the upgrade is applied, keep the API server off untrusted networks: the issue is reachable only by clients that can send requests to it

Advisories
Source: GitHub GHSA
ID: GHSA-3mwp-wvh9-7528
Title: vLLM: Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server
History

Tue, 07 Apr 2026 00:00:00 +0000

Type                        Values Removed   Values Added
First Time appeared         -                Vllm-project; Vllm-project vllm
Weaknesses                  -                CWE-1284
Vendors & Products          -                Vllm-project; Vllm-project vllm
References                  -                -
Metrics (threat_severity)   None             Important


Mon, 06 Apr 2026 16:45:00 +0000

Type                 Values Removed   Values Added
Description          -                (the CVE description shown at the top of this page)
Title                -                vLLM Affected by Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server
Weaknesses           -                CWE-770
References           -                -
Metrics (cvssV3_1)   -                {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-06T15:40:03.448Z

Reserved: 2026-03-30T19:17:10.225Z

Link: CVE-2026-34756

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-06T16:16:36.610

Modified: 2026-04-06T16:16:36.610

Link: CVE-2026-34756

Redhat

Severity : Important

Public Date: 2026-04-06T15:40:03Z

Links: CVE-2026-34756 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-06T21:31:52Z

Weaknesses