PatchSiren cyber security CVE debrief
CVE-2026-27893 vllm-project CVE debrief
CVE-2026-27893 is a high-severity vulnerability in vLLM, an inference and serving engine for large language models. Two model implementation files hardcode `trust_remote_code=True` when loading sub-components, so a malicious model repository can achieve remote code execution on the serving host even when the operator has explicitly started vLLM with `--trust-remote-code=False`. The bug was introduced in version 0.10.1 and fixed in version 0.18.0, so versions from 0.10.1 up to but not including 0.18.0 are affected. The vulnerability carries a CVSS score of 8.8 (HIGH). Operators should upgrade to 0.18.0 or later.
- Vendor: vllm-project
- Product: vllm
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-27
- Original CVE updated: 2026-06-30
- Advisory published: 2026-03-27
- Advisory updated: 2026-06-30
Who should care
Anyone running vLLM from version 0.10.1 up to (but not including) 0.18.0, and in particular operators who rely on `--trust-remote-code=False` as their guard against model repositories that ship custom Python code. On affected versions that flag is not honoured by the vulnerable code paths, so it cannot be counted as a mitigation: the reliable protections are upgrading to 0.18.0 or later and loading model weights, configs and tokenizers only from repositories and revisions you control or trust.
Technical summary
Two model implementation files hardcode `trust_remote_code=True` when they load sub-components (for example the nested config or tokenizer loads that a multi-part model performs on the operator's behalf) instead of passing through the value the operator supplied. A model repository can therefore ship custom Python that is imported, and thus executed, during loading even though the server was started with `--trust-remote-code=False`, which is the documented opt-out. The fix in version 0.18.0 removes the hardcoded `trust_remote_code=True` so the operator's setting is propagated. On affected versions, setting the flag to False is not a mitigation for the affected models; only upgrading, or not loading untrusted repositories at all, prevents the code from running.
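The following is an added, constructed illustration of the bug class (it is not vLLM's code and does not reproduce the affected files). A stand-in `from_pretrained` refuses to run repository-supplied code unless the caller opts in, which is the contract the operator expects; a sub-component loader that hardcodes `trust_remote_code=True` breaks that contract, while the fixed loader threads the operator's flag through. The repo, the `auto_map` entry and the module name are constructed sample data; the names `load_subcomponent_vulnerable`, `load_subcomponent_fixed` and `serve` are hypothetical.

```python
"""Constructed illustration (not vLLM's code) of the bug class behind
CVE-2026-27893: a sub-component loader that hardcodes trust_remote_code=True
ignores the serving-side opt-out, so a repo shipping custom code still runs it."""
from dataclasses import dataclass, field


class RemoteCodeRefused(Exception):
    """Raised when a repo needs custom code but the caller did not opt in."""


@dataclass
class ModelRepo:
    name: str
    # Hugging Face-style config: an "auto_map" entry means the repo ships its own
    # Python classes that must be imported (i.e. executed) to load the component.
    config: dict = field(default_factory=dict)
    executed: list = field(default_factory=list)  # records which custom modules ran

    def has_custom_code(self) -> bool:
        return bool(self.config.get("auto_map"))


def from_pretrained(repo: ModelRepo, component: str, *, trust_remote_code: bool) -> str:
    """Stand-in for an AutoConfig/AutoTokenizer-style loader: repository code
    runs only when the caller passes trust_remote_code=True."""
    if repo.has_custom_code():
        if not trust_remote_code:
            raise RemoteCodeRefused(f"{repo.name}: {component} requires custom code")
        module = repo.config["auto_map"][component]
        repo.executed.append(module)  # a real loader would import the module here
        return module
    return f"builtin:{component}"


def load_subcomponent_vulnerable(repo: ModelRepo, component: str, trust_remote_code: bool) -> str:
    # Vulnerable pattern: the operator's setting is accepted but never used.
    return from_pretrained(repo, component, trust_remote_code=True)  # hardcoded


def load_subcomponent_fixed(repo: ModelRepo, component: str, trust_remote_code: bool) -> str:
    # Fixed pattern: propagate the operator's setting to every nested load.
    return from_pretrained(repo, component, trust_remote_code=trust_remote_code)


def serve(repo: ModelRepo, loader, trust_remote_code: bool = False) -> dict:
    """Simulates a server started with --trust-remote-code=<flag> and returns
    what happened, so the outcome can be checked rather than only printed."""
    try:
        loader(repo, "AutoConfig", trust_remote_code)
        return {"loaded": True, "executed": list(repo.executed)}
    except RemoteCodeRefused as exc:
        return {"loaded": False, "executed": list(repo.executed), "error": str(exc)}


def malicious_repo() -> ModelRepo:
    # Constructed sample: the config points a sub-component at repo-supplied code.
    return ModelRepo("evil/model", {"auto_map": {"AutoConfig": "configuration_evil.EvilConfig"}})


if __name__ == "__main__":
    print("vulnerable:", serve(malicious_repo(), load_subcomponent_vulnerable, trust_remote_code=False))
    print("fixed:     ", serve(malicious_repo(), load_subcomponent_fixed, trust_remote_code=False))
```

With the vulnerable loader the custom module is recorded as executed even though the server was started with the flag off; with the fixed loader the same repository is refused, and a repository without custom code loads under either setting.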
Defensive priority
Upgrade to 0.18.0 or later as a high priority. Until the upgrade is done, treat `--trust-remote-code=False` as ineffective for the affected models and verify that every model repository and revision the server loads comes from a source you control or trust.
Recommended defensive actions
- Update vLLM to version 0.18.0 or later and confirm the installed version (for example with `pip show vllm`)
- Do not rely on `--trust-remote-code=False` as a mitigation on affected versions; the vulnerable code paths ignore it
- Load models only from repositories and pinned revisions you trust, and prefer a local, pre-vetted model directory over fetching from a hub at serve time
- Run vLLM with least privilege in an isolated environment (dedicated service account, container, restricted outbound network) so that code executed during model loading can do as little as possible
- Monitor the serving host for unexpected child processes, outbound connections or file writes at model load time
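As an added audit helper (not part of the vLLM project or its advisory), the script below uses Python's `ast` module to find call sites that pass a literal `trust_remote_code=True`, which is the pattern this CVE describes. Pointed at an installed vLLM tree it gives a quick second opinion on whether a build still carries the hardcoded value; the two source snippets it scans by default are constructed samples, and the function names are hypothetical.

```python
"""Added audit helper (not from the vLLM project): report call sites that pass a
literal trust_remote_code=True. A hit is a lead to review, not a verdict, since a
literal may be intentional; a value passed through from a variable is what a fix
looks like and is not reported."""
import ast
import pathlib
import sys


def find_hardcoded_trust(source: str, filename: str = "<string>") -> list[tuple[str, int, str]]:
    """Return (filename, line, callee) for each call with trust_remote_code=True as a literal."""
    hits = []
    tree = ast.parse(source, filename)
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            if (kw.arg == "trust_remote_code"
                    and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True):
                hits.append((filename, node.lineno, ast.unparse(node.func)))
    return hits


def audit_tree(root: pathlib.Path) -> list[tuple[str, int, str]]:
    """Scan every .py file under root, e.g. the site-packages/vllm directory."""
    hits = []
    for path in sorted(root.rglob("*.py")):
        try:
            hits.extend(find_hardcoded_trust(path.read_text(encoding="utf-8"), str(path)))
        except (SyntaxError, UnicodeDecodeError):
            continue  # skip files this interpreter cannot parse
    return hits


# Constructed samples standing in for a vulnerable and a fixed model file.
VULNERABLE_SNIPPET = '''
def load_vision_tower(self, name):
    cfg = AutoConfig.from_pretrained(name, trust_remote_code=True)
    tok = AutoTokenizer.from_pretrained(name, trust_remote_code=True)
    return cfg, tok
'''

FIXED_SNIPPET = '''
def load_vision_tower(self, name, trust_remote_code):
    cfg = AutoConfig.from_pretrained(name, trust_remote_code=trust_remote_code)
    tok = AutoTokenizer.from_pretrained(name, trust_remote_code=trust_remote_code)
    return cfg, tok
'''


if __name__ == "__main__":
    # Usage: python audit.py /path/to/site-packages/vllm   (no argument scans the samples)
    if len(sys.argv) > 1:
        hits = audit_tree(pathlib.Path(sys.argv[1]))
    else:
        hits = find_hardcoded_trust(VULNERABLE_SNIPPET, "sample_vulnerable.py")
        hits += find_hardcoded_trust(FIXED_SNIPPET, "sample_fixed.py")
    for fname, line, callee in hits:
        print(f"{fname}:{line}: {callee}(..., trust_remote_code=True)")
    sys.exit(1 if hits else 0)
```

The non-zero exit status on any hit makes the script usable as a gate in an image build or CI job; the path to scan can be obtained with `python -c "import vllm, os; print(os.path.dirname(vllm.__file__))"`.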
Evidence notes
The stored evidence records an introduction in version 0.10.1, a fix in version 0.18.0, a CVSS score of 8.8 (HIGH), and remote code execution via malicious model repositories as the impact. No CISA KEV listing appears in the stored evidence.
Official resources
- CVE-2026-27893 CVE record (CVE.org)
- CVE-2026-27893 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Patch
- Source reference: [email protected] - Issue Tracking
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article was generated with AI assistance based on the supplied source corpus.