PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-25960 vllm-project CVE debrief

CVE-2026-25960 is a high-severity vulnerability in vLLM, a large language model inference and serving engine. The SSRF protection fix for CVE-2026-24779 can be bypassed in the load_from_url_async method due to inconsistent URL parsing behavior between the validation layer and the actual HTTP client. This vulnerability exists in version 0.17.0. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 7.1, indicating a high severity. The vulnerability was published on March 9, 2026, and last modified on June 30, 2026.

Vendor
vllm-project
Product
vllm
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-09
Original CVE updated
2026-06-30
Advisory published
2026-03-09
Advisory updated
2026-06-30

Who should care

Defenders of systems using vLLM version 0.17.0 should prioritize patching this vulnerability. Large language model applications relying on vLLM for inference and serving are potential targets. Security teams responsible for cloud and web application security should assess their exposure to this vulnerability.

Technical summary

The vulnerability arises from inconsistent URL parsing behavior between the validation layer and the actual HTTP client in vLLM's load_from_url_async method. The SSRF protection fix for CVE-2026-24779, introduced in version 0.15.1, uses urllib3.util.parse_url() for validation. However, the actual HTTP requests are made using aiohttp, which internally uses the yarl library for URL parsing. This inconsistency allows for a bypass of the SSRF protection. The vulnerability has a CVSS score of 7.1 and a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L.

Defensive priority

High priority should be given to patching this vulnerability, especially in environments where vLLM is used for critical applications. Defenders should ensure that all instances of vLLM version 0.17.0 are updated to a patched version as soon as possible.

Recommended defensive actions

  • Apply the patch from the vendor or community as soon as possible.
  • Review and update the inventory of systems using vLLM version 0.17.0.
  • Implement compensating controls, such as additional monitoring or network restrictions, until patching can be completed.
  • Verify that the patch is applied correctly and that the vulnerability is no longer exploitable.
  • Monitor for potential exploitation attempts or anomalies in system behavior.

Evidence notes

The CVE record and NVD detail provide official information about the vulnerability. The source item URL from NVD provides additional context and references. Vendor references from GitHub and Red Hat offer patch information and mitigation strategies.

Official resources

This article is AI-assisted and based on the supplied source corpus.