PatchSiren cyber security CVE debrief

CVE-2026-27893 vllm-project CVE debrief

CVE-2026-27893 is a high-severity vulnerability in vLLM, a large language model inference and serving engine. It allows remote code execution from a malicious model repository even when the user has explicitly disabled trust in remote code. The issue was introduced in version 0.10.1 and patched in version 0.18.0. It carries a CVSS score of 8.8 (HIGH severity). Users of vLLM should update to version 0.18.0 or later to mitigate this vulnerability.

Vendor
vllm-project
Product
vllm
CVSS
HIGH 8.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-27
Original CVE updated
2026-06-30
Advisory published
2026-03-27
Advisory updated
2026-06-30

Who should care

Anyone running vLLM to serve large language models should be aware of this vulnerability and take steps to mitigate it: update to version 0.18.0 or later and confirm that `trust_remote_code` is not enabled. Additionally, be cautious when loading sub-components from untrusted model repositories.

Technical summary

The vulnerability is caused by two model implementation files that hardcode `trust_remote_code=True` when loading sub-components, bypassing the user's explicit `--trust-remote-code=False` security opt-out: code shipped in a malicious model repository is executed regardless of the user's setting, which gives remote code execution. The fix in version 0.18.0 removes the hardcoded `trust_remote_code=True` setting. To mitigate, update to version 0.18.0 or later and confirm that `trust_remote_code` is not enabled.

Defensive priority

Updating to version 0.18.0 or later should be treated as high priority. Additionally, review the current configuration and confirm that `trust_remote_code` is not enabled.

Recommended defensive actions

  • Update to version 0.18.0 or later
  • Review the current configuration and confirm that `trust_remote_code` is not enabled
  • Be cautious when loading sub-components from untrusted model repositories
  • Monitor inference hosts for suspicious activity
  • Consider implementing additional security controls
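As an added example (not PatchSiren's or vLLM's own code), the following Python audit script looks for the pattern the technical summary describes: a loader call that passes the literal `trust_remote_code=True` instead of forwarding the caller's setting. It supports the "review the current configuration" action above: run it over a vLLM checkout, or over any custom model implementation you deploy, to confirm that no loader still hardcodes the flag. The two embedded samples are constructed to model the described defect and its fix; the loader names (`AutoConfig.from_pretrained`, `AutoTokenizer.from_pretrained`), the `load_subcomponents` function and the `scan_tree` helper are assumptions for illustration, not taken from the advisory.

```python
"""Audit Python sources for a hardcoded trust_remote_code=True.

Added example; not PatchSiren's or vLLM's code. It assumes the defect shape
described in the debrief: a model implementation calls a sub-component loader
(modelled here as AutoConfig/AutoTokenizer.from_pretrained) with a literal
trust_remote_code=True instead of forwarding the user's setting.
"""
import ast
from dataclasses import dataclass
from pathlib import Path


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    call: str


def _call_name(node: ast.Call) -> str:
    """Render a call target such as AutoConfig.from_pretrained as a dotted string."""
    parts = []
    func = node.func
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts)) or "<call>"


def find_hardcoded_trust(source: str, path: str = "<string>") -> list[Finding]:
    """Return every call that passes the literal keyword trust_remote_code=True.

    A call that forwards a variable (trust_remote_code=trust_remote_code) is
    not reported: the decision then stays with the caller, which is the fixed shape.
    """
    tree = ast.parse(source, filename=path)
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            if (kw.arg == "trust_remote_code"
                    and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True):
                findings.append(Finding(path, node.lineno, _call_name(node)))
    return findings


def scan_tree(root: str) -> list[Finding]:
    """Walk a directory (for example a vLLM checkout) and audit every .py file."""
    findings = []
    for py in sorted(Path(root).rglob("*.py")):
        try:
            findings.extend(find_hardcoded_trust(py.read_text(encoding="utf-8"), str(py)))
        except SyntaxError:
            continue  # skip files the running interpreter cannot parse
    return findings


# Constructed samples modelled on the advisory's description; not vLLM source.
VULNERABLE_SAMPLE = '''
from transformers import AutoConfig, AutoTokenizer

def load_subcomponents(name: str, trust_remote_code: bool):
    # Defect: the caller's opt-out is ignored, so repository code always runs.
    config = AutoConfig.from_pretrained(name, trust_remote_code=True)
    tok = AutoTokenizer.from_pretrained(name, trust_remote_code=True)
    return config, tok
'''

FIXED_SAMPLE = '''
from transformers import AutoConfig, AutoTokenizer

def load_subcomponents(name: str, trust_remote_code: bool):
    # Forward the user's setting so --trust-remote-code=False is honoured.
    config = AutoConfig.from_pretrained(name, trust_remote_code=trust_remote_code)
    tok = AutoTokenizer.from_pretrained(name, trust_remote_code=trust_remote_code)
    return config, tok
'''


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        hits = scan_tree(sys.argv[1])  # e.g. python audit.py path/to/vllm/model_executor
    else:
        hits = find_hardcoded_trust(VULNERABLE_SAMPLE, "vulnerable_sample.py")
    for f in hits:
        print(f"{f.path}:{f.line}: hardcoded trust_remote_code=True in {f.call}()")
```

The check only matches a literal keyword argument; a value smuggled in through a `**kwargs` dict or passed positionally is not flagged, so treat the script as a code-review aid rather than a substitute for upgrading to version 0.18.0 or later.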

Evidence notes

The vulnerability was introduced in version 0.10.1 and patched in version 0.18.0. The CVSS score is 8.8, indicating high severity. The vulnerability allows for remote code execution via malicious model repositories.

Official resources

This article was generated with AI assistance based on the supplied source corpus.