Description
vLLM is an inference and serving engine for large language models. From 0.22.0 to 0.23.0, the /v1/audio/transcriptions and /v1/audio/translations routes call request.file.read() to fully materialize an uploaded audio file into memory before vLLM checks the documented VLLM_MAX_AUDIO_CLIP_FILESIZE_MB compressed upload size limit (default 25 MB) later in the speech-to-text preprocessing step, so an API caller who can reach those routes can submit an oversized multipart upload and cause vLLM to allocate memory proportional to the uploaded file size before the request is rejected as too large, creating memory pressure or terminating the process depending on deployment resource limits. This issue is fixed in version 0.24.0.
Published: 2026-07-06
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

vLLM processes audio uploads for its speech‑to‑text endpoints by reading the entire multipart file into memory before checking the configured maximum file‑size limit. An attacker who can reach the /v1/audio/transcriptions or /v1/audio/translations endpoint can upload an oversized audio file, causing the application to allocate memory proportional to the file size before rejecting the request. This excessive allocation can stress the host’s memory resources or trigger a JVM or container death, resulting in service disruption. The vulnerability is a classic example of uncontrolled resource consumption (CWE‑400) and out‑of‑memory allocation (CWE‑770).

Affected Systems

The issue affects the vllm project’s vllm engine for versions 0.22.0 through 0.23.0. It is resolved in version 0.24.0 and later. Any deployment running one of the vulnerable releases and exposing the speech‑to‑text endpoints is susceptible.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity, and no EPSS score is currently available, so the likelihood of exploitation cannot be quantified. The vulnerability is not listed in the CISA KEV catalog. The attack path is straightforward: an API caller who can reach the endpoints can submit a multipart audio file larger than the intended limit. This requires network access to the service and valid authentication if the service enforces it. When the file exceeds the memory limit, the service will experience high memory pressure or crash before it can reject the request.

Generated by OpenCVE AI on July 7, 2026 at 05:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade vllm to version 0.24.0 or later, which removes the pre‑allocation bug.
  • If an upgrade cannot be performed immediately, enforce a strict file‑size limit on incoming multipart uploads before the request reaches the vLLM processing layer.
  • Configure system or container memory limits and monitor resource usage to contain memory growth and detect pressure caused by oversized uploads.

Generated by OpenCVE AI on July 7, 2026 at 05:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 06 Jul 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Vllm-project
Vllm-project vllm
Vendors & Products Vllm-project
Vllm-project vllm

Mon, 06 Jul 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 06 Jul 2026 19:45:00 +0000

Type Values Removed Values Added
Description vLLM is an inference and serving engine for large language models. From 0.22.0 to 0.23.0, the /v1/audio/transcriptions and /v1/audio/translations routes call request.file.read() to fully materialize an uploaded audio file into memory before vLLM checks the documented VLLM_MAX_AUDIO_CLIP_FILESIZE_MB compressed upload size limit (default 25 MB) later in the speech-to-text preprocessing step, so an API caller who can reach those routes can submit an oversized multipart upload and cause vLLM to allocate memory proportional to the uploaded file size before the request is rejected as too large, creating memory pressure or terminating the process depending on deployment resource limits. This issue is fixed in version 0.24.0.
Title vLLM speech-to-text endpoints allocate full upload before enforcing the audio file-size limit
Weaknesses CWE-400
CWE-770
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Subscriptions

Vllm-project Vllm
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-07-06T19:49:44.773Z

Reserved: 2026-06-16T23:52:12.058Z

Link: CVE-2026-55646

cve-icon Vulnrichment

Updated: 2026-07-06T19:49:27.923Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-07T05:30:04Z

Weaknesses
  • CWE-400

    Uncontrolled Resource Consumption

  • CWE-770

    Allocation of Resources Without Limits or Throttling