Description
vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame count processing in the `VideoMediaIO.load_base64()` method. When processing `video/jpeg` data URLs, the method splits the base64 data string on commas to extract individual JPEG frames without enforcing a frame count limit. An attacker can exploit this by crafting a single API request containing thousands of comma-separated base64-encoded JPEG frames in a data URL, causing the server to decode all frames into memory and crash due to excessive memory consumption. This vulnerability is reachable via the OpenAI-compatible chat completions API and does not require authentication.
Published: 2026-06-11
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability stems from the VideoMediaIO.load_base64() method, which splits a video/jpeg data URL on commas to extract JPEG frames without imposing a limit on the number of frames. An attacker can craft a data URL containing thousands of comma‑separated base64‑encoded JPEG frames in a single API request. The method decodes every frame into memory before processing, leading the server to consume excessive memory and ultimately crash. The impact is an Out‑of‑Memory Denial of Service that affects the availability of the affected service and does not compromise confidentiality or integrity.

Affected Systems

The affected product is vLLM, produced by vllm-project. Versions 0.8.0 and later are vulnerable. The vulnerability is exercised through the OpenAI‑compatible chat completions API exposed by the system.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity. The EPSS score of less than 1% demonstrates a currently low probability of exploitation, though it remains possible. The vulnerability is not listed in CISA’s KEV catalog. It is reachable through the public Chat Completions endpoint without authentication, meaning an unauthenticated external attacker can trigger the denial of service by sending a single crafted request containing an unbounded number of frames.

Generated by OpenCVE AI on June 17, 2026 at 23:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade vLLM to the latest version where the load_base64() function limits the number of frames processed.
  • If an upgrade is not immediately feasible, configure the API gateway or reverse proxy to reject requests with data URLs that exceed a safe size or contain an excessive number of comma‑separated frames.
  • Add application‑level input validation to count JPEG frames in the data URL before decoding and reject any request that surpasses a defined threshold.
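The third action above, a frame-count check performed before any decoding, is shown below as an added example. It is not vLLM's code and not the project's fix; it assumes a data URL laid out as `data:video/jpeg;base64,<frame1>,<frame2>,...` with one base64 JPEG per comma-separated segment (the layout the advisory describes), and the `MAX_FRAMES` and `MAX_ENCODED_BYTES` thresholds are hypothetical values to tune per deployment. The point of the design is that the limit is enforced with `str.count` over the raw payload, so rejecting a flood of frames costs a single pass over the string and allocates nothing proportional to the frame count; only a request that passes the check is ever split and decoded.

```python
"""Pre-decode frame-count check for video/jpeg base64 data URLs.

Added example, not vLLM's code. The URL layout assumed here is
"data:video/jpeg;base64,<frame1>,<frame2>,...", one base64 JPEG per
comma-separated segment; the thresholds are hypothetical.
"""
import base64
import binascii
from dataclasses import dataclass

DATA_URL_PREFIX = "data:video/jpeg;base64,"
MAX_FRAMES = 32                      # hypothetical per-request frame cap
MAX_ENCODED_BYTES = 8 * 1024 * 1024  # hypothetical cap on the encoded payload
JPEG_SOI = b"\xff\xd8"               # JPEG start-of-image marker


class FrameLimitExceeded(ValueError):
    """Raised when a request exceeds the frame or payload budget."""


@dataclass(frozen=True)
class FrameCheck:
    frame_count: int
    encoded_bytes: int


def check_video_jpeg_data_url(url: str, max_frames: int = MAX_FRAMES,
                              max_encoded_bytes: int = MAX_ENCODED_BYTES) -> FrameCheck:
    """Reject oversized requests before any frame is decoded.

    str.count walks the payload once without building a list of frames,
    so the check costs O(len(url)) time and no memory proportional to the
    frame count. The base64 alphabet contains no comma, so the comma
    count is an exact frame count for a well-formed payload.
    """
    if not url.startswith(DATA_URL_PREFIX):
        raise ValueError("not a video/jpeg base64 data URL")
    payload = url[len(DATA_URL_PREFIX):]
    if not payload:
        raise ValueError("data URL carries no frames")
    encoded_bytes = len(payload)
    if encoded_bytes > max_encoded_bytes:
        raise FrameLimitExceeded(
            f"encoded payload of {encoded_bytes} bytes exceeds {max_encoded_bytes}")
    frame_count = payload.count(",") + 1
    if frame_count > max_frames:
        raise FrameLimitExceeded(
            f"{frame_count} frames exceeds the limit of {max_frames}")
    return FrameCheck(frame_count=frame_count, encoded_bytes=encoded_bytes)


def decode_frames(url: str, max_frames: int = MAX_FRAMES,
                  max_encoded_bytes: int = MAX_ENCODED_BYTES) -> list[bytes]:
    """Decode the frames of a URL only after it has passed the bounded check."""
    check_video_jpeg_data_url(url, max_frames, max_encoded_bytes)
    frames = []
    # The split is now bounded by max_frames, so the list stays small.
    for index, segment in enumerate(url[len(DATA_URL_PREFIX):].split(",")):
        try:
            raw = base64.b64decode(segment, validate=True)
        except binascii.Error as exc:
            raise ValueError(f"frame {index} is not valid base64") from exc
        if not raw.startswith(JPEG_SOI):
            raise ValueError(f"frame {index} lacks the JPEG SOI marker")
        frames.append(raw)
    return frames


def build_data_url(frames: list[bytes]) -> str:
    """Constructed test input: encode frames into the assumed URL layout."""
    return DATA_URL_PREFIX + ",".join(
        base64.b64encode(f).decode("ascii") for f in frames)


# Constructed sample: a minimal JPEG-shaped frame (SOI + EOI markers only).
SAMPLE_FRAME = b"\xff\xd8\xff\xd9"

if __name__ == "__main__":
    ok_url = build_data_url([SAMPLE_FRAME] * 3)
    print(check_video_jpeg_data_url(ok_url))          # 3 frames, accepted
    flood_url = build_data_url([SAMPLE_FRAME] * 10_000)
    try:
        check_video_jpeg_data_url(flood_url)
    except FrameLimitExceeded as exc:
        print("rejected before decode:", exc)
```

The check belongs as close to the request boundary as possible (a middleware in front of the chat completions handler, or the proxy rule from the second action), because once the handler has split and decoded the frames the memory is already spent. The payload-size cap guards the complementary case of a few very large frames, which the frame count alone would not catch.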

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses: added CWE-770
References: no values shown
Metrics: removed threat_severity None; added cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; added threat_severity Important

Mon, 15 Jun 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared: added Vllm; Vllm vllm
CPEs: added cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*
Vendors & Products: added Vllm; Vllm vllm

Fri, 12 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared: added Vllm-project; Vllm-project vllm
Vendors & Products: added Vllm-project; Vllm-project vllm

Thu, 11 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics: added ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 11 Jun 2026 10:00:00 +0000

Type Values Removed Values Added
Description: added vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame count processing in the `VideoMediaIO.load_base64()` method. When processing `video/jpeg` data URLs, the method splits the base64 data string on commas to extract individual JPEG frames without enforcing a frame count limit. An attacker can exploit this by crafting a single API request containing thousands of comma-separated base64-encoded JPEG frames in a data URL, causing the server to decode all frames into memory and crash due to excessive memory consumption. This vulnerability is reachable via the OpenAI-compatible chat completions API and does not require authentication.
Title: added Unbounded Frame Count in video/jpeg Base64 Data URL Processing Leads to OOM DoS in vllm-project/vllm
Weaknesses: added CWE-400
References: no values shown
Metrics: added cvssV3_0 {'score': 7.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published:

Updated: 2026-07-01T12:05:09.501Z

Reserved: 2026-04-03T14:41:01.113Z

Link: CVE-2026-5497

Vulnrichment

Updated: 2026-06-30T03:15:41.454Z

NVD

Status: Analyzed

Published: 2026-06-11T10:16:21.903

Modified: 2026-06-15T16:11:21.060

Link: CVE-2026-5497

Redhat

Severity: Important

Public Date: 2026-06-11T08:31:18Z

Links: CVE-2026-5497 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-17T23:45:13Z

Weaknesses
  • CWE-400: Uncontrolled Resource Consumption
  • CWE-770: Allocation of Resources Without Limits or Throttling