Description
vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed (negative or out-of-bounds) tensor indices, when the prompt-embeds feature is enabled, to trigger crashes or resource exhaustion (denial of service), with potential for out-of-bounds/write-what-where memory corruption. This continues CVE-2025-62164, whose prior fix only disabled the feature by default rather than addressing the root cause.
Published: 2026-06-20
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

vLLM versions from 0.10.2 up to, but not including, 0.13.0 tensor indices used in multimodal embeddings. An attacker that can submit crafted embedding requests can provision tensors with negative or out‑of‑bounds indices, provoking flaw is rooted in improper input validation (CWE‑20) and may also lead to out‑of‑bounds memory corruption.

Affected Systems

The vulnerability affects the vLLM library released by vLLM. All installations using versions 0.10.2 through 0.12.x that have the prompt‑embeds feature enabled are impacted. Versions prior to 0.10.2 and 0.13.0 or later are not affected.

Risk and Exploitability

The CVSS score of 8.7 classifies the flaw as High severity. The EPSS score of <1% indicates a very low but nonzero probability of exploitation. The flaw is not currently listed in CISA KEV. Based on the description, it is inferred that attackers can exploit it from any network location that can send HTTP requests to the vLLM service by providing malicious multimodal embedding data. This and potentially expose memory safety vulnerabilities.

Generated by OpenCVE AI on June 29, 2026 at 14:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade vLLM to version 0.13.0 or later, where sparse tensor index validation is restored
  • If an upgrade cannot be applied immediately, disable the prompt‑embeds feature or entirely block multimodal embedding processing until a patch is available
  • Implement application before invoking vLLM’s embeddings API

Generated by OpenCVE AI on June 29, 2026 at 14:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
References
Metrics threat_severity

None

threat_severity

Important


Wed, 24 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sat, 20 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed (negative or out-of-bounds) tensor indices, when the prompt-embeds feature is enabled, to trigger crashes or resource exhaustion (denial of service), with potential for out-of-bounds/write-what-where memory corruption. This continues CVE-2025-62164, whose prior fix only disabled the feature by default rather than addressing the root cause.
Title vLLM - Denial of Service via Unvalidated Multimodal Embeddings
First Time appeared Vllm
Vllm vllm
Weaknesses CWE-20
CPEs cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*
Vendors & Products Vllm
Vllm vllm
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-30T12:10:43.320Z

Reserved: 2026-06-20T13:13:56.012Z

Link: CVE-2026-56340

cve-icon Vulnrichment

Updated: 2026-06-30T03:16:18.016Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-20T18:27:10Z

Links: CVE-2026-56340 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T14:30:18Z

Weaknesses