Description
vLLM is an inference and serving engine for large language models (LLMs). From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing the configured VLLM_API_KEY or --api-key. This vulnerability is fixed in 0.22.0.
Published: 2026-06-22
Score: 9.1 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in how vLLM's OpenAI-compatible server sits on an ASGI web server, combined with Starlette trusting the request as that server hands it over, lets an attacker reach the OpenAI API endpoints without supplying the configured VLLM_API_KEY or --api-key. A client that exploits it gets unrestricted access to the inference service: unauthorized model use, exposure of data flowing through the endpoint, and resource abuse. The CVSS vector rates confidentiality and availability impact as high and integrity impact as none.

Affected Systems

vLLM versions from 0.3.0 up to, but not including, 0.22.0 are affected; 0.22.0 carries the fix. These releases are published by the vllm-project under the product name vLLM.

Risk and Exploitability

The vulnerability carries a CVSS 3.1 base score of 9.1 (Critical; vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) and is not listed in the CISA KEV catalog. No EPSS score is available yet. The attack is network-based and needs neither privileges nor user interaction: an unauthenticated client sends HTTP requests to the exposed API. The weakness is classed as CWE-444, inconsistent interpretation of HTTP requests, meaning the ASGI server and Starlette's middleware do not agree on the request they are handling, and the AuthenticationMiddleware is bypassed as a result. The advisory text does not detail the request shape that triggers the bypass.

Generated by OpenCVE AI on June 22, 2026 at 23:22 UTC.

Remediation

Fixed in vLLM 0.22.0 (see Description and GHSA-94f4-hr76-p5j6). No workaround is described.

OpenCVE Recommended Actions

  • Upgrade vLLM to 0.22.0 or later, the version where the authentication bypass is fixed.
  • Until the upgrade is applied, do not rely on VLLM_API_KEY or --api-key as the only control: the bypass happens below the middleware (CWE-444), so no middleware setting restores it. Restrict network access to the endpoint or enforce authentication at a reverse proxy in front of vLLM.
  • Log API requests together with their authentication outcome and review for calls that reached /v1 endpoints without a valid key; in critical deployments block such traffic at the proxy or network layer.
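The actions above reduce to two checks an operator can run against a deployment: is the server's reported version inside the affected range (0.3.0 up to but not including 0.22.0), and does the /v1 surface reject requests that carry no key or a wrong key. The following script is an added example, not code from the vLLM project or from this advisory. It assumes the server exposes GET /version returning a JSON object with a "version" field and that /v1/models sits behind the API-key middleware; the request that triggers the bypass is not described on this page, so a passing probe confirms only the baseline, not the absence of the flaw. The fetch function is injectable so the logic can be exercised offline with a fake transport.

```python
"""Version-range and auth-enforcement check for a vLLM OpenAI-compatible endpoint.

Added example; not vLLM project code. Assumes GET /version returns
{"version": "..."} and that /v1/models is protected by --api-key.
"""
import json
import re
import urllib.error
import urllib.request
from typing import Callable, Dict, Optional, Tuple

# Range from the advisory: affected from 0.3.0 up to, but not including, 0.22.0.
AFFECTED_MIN = (0, 3, 0)
FIXED_IN = (0, 22, 0)

# fetch(url, headers) -> (status, body). Injected so tests can use a fake transport.
Fetch = Callable[[str, Dict[str, str]], Tuple[int, bytes]]


def parse_version(text: str) -> Tuple[int, int, int]:
    """Reduce '0.21.0', 'v0.22.0rc1' or '0.6.3.post1' to (major, minor, patch).

    Pre-release and post-release suffixes are ignored, so a 0.22.0 release
    candidate is reported as 0.22.0; treat such builds conservatively.
    """
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_affected(version: str) -> bool:
    """True when the version lies in [0.3.0, 0.22.0)."""
    return AFFECTED_MIN <= parse_version(version) < FIXED_IN


def urllib_fetch(url: str, headers: Dict[str, str]) -> Tuple[int, bytes]:
    """Real transport: return (status, body) and treat 4xx/5xx as data, not errors."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as e:
        return e.code, e.read()


def report_version(base_url: str, fetch: Fetch = urllib_fetch) -> Optional[str]:
    """Read the self-reported version from GET /version (assumed endpoint)."""
    status, body = fetch(base_url.rstrip("/") + "/version", {})
    if status != 200:
        return None
    return json.loads(body).get("version")


def auth_is_enforced(base_url: str, fetch: Fetch = urllib_fetch) -> Dict[str, object]:
    """Probe /v1/models without a key and with a wrong key.

    Both requests must be rejected (vLLM's AuthenticationMiddleware answers 401
    when --api-key is set). Any 2xx means the endpoint is reachable without the
    configured key, which is the condition this advisory is about.
    """
    url = base_url.rstrip("/") + "/v1/models"
    no_key, _ = fetch(url, {})
    wrong_key, _ = fetch(url, {"Authorization": "Bearer not-the-real-key"})
    return {
        "no_key_status": no_key,
        "wrong_key_status": wrong_key,
        "enforced": no_key >= 400 and wrong_key >= 400,
    }


if __name__ == "__main__":
    import sys

    base = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:8000"
    ver = report_version(base)
    print("version:", ver, "affected:", is_affected(ver) if ver else "unknown")
    print("auth:", auth_is_enforced(base))
```

Run it as `python check_vllm_auth.py http://host:8000` against a staging instance; "enforced": False, or a version inside the affected range, means the upgrade is still outstanding.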


Advisories
Source        ID                     Title
GitHub GHSA   GHSA-94f4-hr76-p5j6    vLLM: OpenAI auth bypass
History

Mon, 22 Jun 2026 22:45:00 +0000

Type         Values Removed   Values Added
Description  -                vLLM is an inference and serving engine for large language models (LLMs). From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing the configured VLLM_API_KEY or --api-key. This vulnerability is fixed in 0.22.0.
Title        -                vLLM: OpenAI auth bypass
Weaknesses   -                CWE-444
References   -                -
Metrics      -                cvssV3_1 {'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H'}



MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-22T21:57:28.997Z

Reserved: 2026-05-22T19:10:35.747Z

Link: CVE-2026-48746

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-22T23:30:05Z

Weaknesses
  • CWE-444

    Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')