CVE-2026-41523 vllm-project CVE debrief

Who should care

Organizations using vLLM for large language model inference and serving should prioritize patching this vulnerability. Specifically, any deployment running vLLM in Python optimized mode is at risk. Additionally, security teams responsible for monitoring and protecting against potential code execution attacks should be aware of this vulnerability.

Technical summary

The vulnerability exists in the activation function loading process of vLLM, where an assert-based security check can be bypassed. This allows an attacker to publish a malicious HuggingFace model that, when loaded, can execute arbitrary code on the server. The vulnerability requires no authentication and can be exploited through the publication of a malicious model. The fix in version 0.22.0 addresses this security check bypass. The CVE has been assigned a CVSS score of 7.5, indicating high severity.

Defensive priority

Patching to version 0.22.0 or later is strongly recommended. In the interim, organizations should review their vLLM deployments to ensure they are not running in Python optimized mode, which increases the risk of exploitation.

Recommended defensive actions

• Patch vLLM to version 0.22.0 or later immediately.
• Review current vLLM deployments to ensure they are not running in Python optimized mode.
• Monitor for suspicious model publication or loading activities.
• Implement additional security checks for models before loading them.
• Consider compensating controls such as restricted access to model publishing and loading functionality.

Evidence notes

The CVE and NVD records provide details on the vulnerability, including its CVSS score and affected versions. The vendor's advisory and patch notes are available through the GitHub security advisory and commit related to the fix.

Official resources