PatchSiren cyber security CVE debrief
CVE-2026-25960 vllm-project CVE debrief
CVE-2026-25960 is a high-severity vulnerability in vLLM, a large language model inference and serving engine. The SSRF protection fix for CVE-2026-24779 can be bypassed in the load_from_url_async method due to inconsistent URL parsing behavior between the validation layer and the actual HTTP client. This vulnerability exists in version 0.17.0. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 7.1, indicating a high severity. The vulnerability was published on March 9, 2026, and last modified on June 30, 2026.
- Vendor
- vllm-project
- Product
- vllm
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-03-09
- Original CVE updated
- 2026-06-30
- Advisory published
- 2026-03-09
- Advisory updated
- 2026-06-30
Who should care
Defenders of systems using vLLM version 0.17.0 should prioritize patching this vulnerability. Large language model applications relying on vLLM for inference and serving are potential targets. Security teams responsible for cloud and web application security should assess their exposure to this vulnerability.
Technical summary
The vulnerability arises from inconsistent URL parsing behavior between the validation layer and the actual HTTP client in vLLM's load_from_url_async method. The SSRF protection fix for CVE-2026-24779, introduced in version 0.15.1, uses urllib3.util.parse_url() for validation. However, the actual HTTP requests are made using aiohttp, which internally uses the yarl library for URL parsing. This inconsistency allows for a bypass of the SSRF protection. The vulnerability has a CVSS score of 7.1 and a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L.
Defensive priority
High priority should be given to patching this vulnerability, especially in environments where vLLM is used for critical applications. Defenders should ensure that all instances of vLLM version 0.17.0 are updated to a patched version as soon as possible.
Recommended defensive actions
- Apply the patch from the vendor or community as soon as possible.
- Review and update the inventory of systems using vLLM version 0.17.0.
- Implement compensating controls, such as additional monitoring or network restrictions, until patching can be completed.
- Verify that the patch is applied correctly and that the vulnerability is no longer exploitable.
- Monitor for potential exploitation attempts or anomalies in system behavior.
Evidence notes
The CVE record and NVD detail provide official information about the vulnerability. The source item URL from NVD provides additional context and references. Vendor references from GitHub and Red Hat offer patch information and mitigation strategies.
Official resources
-
CVE-2026-25960 CVE record
CVE.org
-
CVE-2026-25960 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Issue Tracking, Patch
-
Source reference
[email protected] - Not Applicable
-
Mitigation or vendor reference
[email protected] - Exploit, Patch, Vendor Advisory
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.