MEDIUM
vllm-project
CVE published 2026-05-26
CVE-2026-9540
A denial-of-service vulnerability exists in vLLM 0.19.0 affecting the OpenAI-compatible serving path. The issue allows remote attackers to trigger service disruption through unspecified manipulation of the serving component. A fix has been proposed via pull request but awaits maintainer acceptance. The vulnerability is classified as medium severity with a CVSS 4.0 score of 5.5, reflecting network accessib [truncated]