CVE-2026-22778 vllm-project CVE debrief

Who should care

Organizations using vLLM for large language model inference and serving should prioritize patching this vulnerability. The vulnerability's critical severity and potential for remote code execution make it a high-risk issue. Additionally, defenders should review their inventory of affected systems and monitor for potential exploitation attempts.

Technical summary

The vulnerability exists in vLLM's multimodal endpoint, where an invalid image triggers an error in PIL, leading to a heap address leak. This leak significantly weakens ASLR, making it easier for attackers to exploit the system. The vulnerability can be exploited remotely, and its critical severity score of 9.8 indicates a high risk to affected systems. The fix in version 0.14.1 addresses the issue by properly handling errors and preventing information disclosure.

Defensive priority

Patching to version 0.14.1 is the primary recommended action. Additionally, defenders should review their system inventory, monitor for exploitation attempts, and consider implementing compensating controls to mitigate potential risks.

Recommended defensive actions

• Patch vLLM to version 0.14.1 or later
• Review inventory of affected systems
• Monitor for potential exploitation attempts
• Implement compensating controls to mitigate risks
• Verify error handling in multimodal endpoint
• Update OpenCV/FFmpeg to prevent heap overflow chaining

Evidence notes

The CVE record and NVD detail provide official information on the vulnerability. The source item URL provides additional context from the NVD database. Vendor references, including GitHub pull requests and release notes, offer insights into the fix and mitigation strategies.

Official resources