Description
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output. A 25MB OPUS file expands to ~14.9GB of float32 PCM at decode time. This vulnerability is fixed in 0.23.1rc0.
Published: 2026-06-22
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in vLLM's /v1/audio/transcriptions endpoint; decompressing a compressed OPUS file produces a massive PCM output that can exceed the server's memory, causing an out-of-memory failure and a denial of service. The flaw is a lack of bounds checking on the decoded output size (CWE-409). An attacker can trigger the issue by uploading a specially crafted audio file, exhausting memory resources and potentially crashing the service or causing it to reject legitimate requests.

Affected Systems

vLLM prior to version 0.23.1rc0, in any deployment that exposes the /v1/audio/transcriptions endpoint. The vulnerable product is vllm-project vllm; all environments running the engine before the fixed release are affected.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity. No EPSS score is available to gauge exploitation likelihood, and the vulnerability is not listed in the CISA KEV catalog. Attackers could exploit this through an HTTP POST to the transcription endpoint, sending a large compressed audio payload to trigger the denial-of-service condition.

Generated by OpenCVE AI on June 22, 2026 at 23:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade vLLM to 0.23.1rc0 or later where the issue is resolved
  • If upgrading is not immediately possible, configure the server to reject requests that generate decoded PCM output beyond a safe threshold or temporarily disable the /v1/audio/transcriptions endpoint
  • Enforce stricter size limits on incoming audio files and monitor memory usage for anomalous spikes
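A defender-side guard of the kind the second recommendation describes, added here as an example (not vLLM's own code): it estimates the decoded float32 PCM size from the declared stream parameters before decoding, and separately enforces a hard byte budget while PCM chunks are accumulated so that a header which understates the duration still cannot exhaust memory. AudioHeader, MAX_DECODED_BYTES and fake_decoder are constructed stand-ins; no real OPUS parsing is performed.

```python
from dataclasses import dataclass
from typing import Iterable, Iterator

BYTES_PER_FLOAT32 = 4
MAX_DECODED_BYTES = 1 << 30  # assumed deployment cap: 1 GiB of decoded PCM


class DecodedTooLarge(ValueError):
    """Raised when a request would decode past the configured PCM budget."""


@dataclass(frozen=True)
class AudioHeader:
    """Stream parameters as declared by the container (constructed, not parsed)."""
    sample_rate_hz: int
    channels: int
    duration_s: float


def estimate_pcm_bytes(h: AudioHeader, bytes_per_sample: int = BYTES_PER_FLOAT32) -> int:
    """Decoded size implied by the header: rate * channels * seconds * sample width."""
    return int(h.sample_rate_hz * h.channels * h.duration_s * bytes_per_sample)


def check_header(h: AudioHeader, cap: int = MAX_DECODED_BYTES) -> int:
    """Pre-decode gate: reject before allocating anything if the estimate exceeds cap."""
    est = estimate_pcm_bytes(h)
    if est > cap:
        raise DecodedTooLarge(f"declared stream decodes to {est} bytes, cap is {cap}")
    return est


def bounded_decode(chunks: Iterable[bytes], cap: int = MAX_DECODED_BYTES) -> bytes:
    """Streaming gate: accumulate PCM, aborting as soon as the running total passes cap."""
    out = bytearray()
    for chunk in chunks:
        # Check before extending so the buffer never grows beyond the budget.
        if len(out) + len(chunk) > cap:
            raise DecodedTooLarge(f"decoded PCM exceeded cap of {cap} bytes")
        out.extend(chunk)
    return bytes(out)


def fake_decoder(total_bytes: int, chunk_size: int = 4096) -> Iterator[bytes]:
    """Constructed stand-in for a streaming decoder emitting float32 PCM chunks."""
    remaining = total_bytes
    while remaining > 0:
        n = min(chunk_size, remaining)
        yield bytes(n)  # zero-filled placeholder samples
        remaining -= n
```

With constructed parameters of 48 kHz, 2 channels and 38800 s, estimate_pcm_bytes returns 14,899,200,000 bytes, the order of magnitude the advisory cites, and check_header rejects the request before any decoding starts.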



Advisories
Source: GitHub GHSA
ID: GHSA-6pr9-rp53-2pmc
Title: vLLM: OOM Denial of Service via Audio Decompression Bomb
History

Mon, 22 Jun 2026 22:45:00 +0000

Values added (no values removed):
Description: vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output. A 25MB OPUS file expands to ~14.9GB of float32 PCM at decode time. This vulnerability is fixed in 0.23.1rc0.
Title: vLLM: OOM Denial of Service via Audio Decompression Bomb
Weaknesses: CWE-409
References: (none)
Metrics: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-22T22:10:45.689Z

Reserved: 2026-06-12T16:25:43.084Z

Link: CVE-2026-54233

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-22T23:30:05Z

Weaknesses
  • CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)