PatchSiren cyber security CVE debrief
CVE-2026-47155 vllm-project CVE debrief
CVE-2026-47155 is a supply-chain integrity issue in vLLM, a large language model inference and serving engine. Prior to version 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. This inconsistency allows deployments that specify --revision or --code-revision to still load dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an unpinned or default revision. As a result, operators may believe they are serving a reviewed model revision while vLLM actually resolves behavior-affecting nested or sibling artifacts outside that reviewed revision. This issue is fixed in version 0.22.0. Organizations using vLLM should update to version 0.22.0 or later to mitigate this vulnerability.
- Vendor: vllm-project
- Product: vllm
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-22
- Original CVE updated: 2026-06-24
- Advisory published: 2026-06-22
- Advisory updated: 2026-06-24
Who should care
Organizations using vLLM for serving large language models should be aware of this supply-chain integrity issue. Specifically, those who rely on vLLM's revision pinning feature to ensure consistent and secure deployments should take action. This includes model developers, DevOps teams, and security professionals responsible for maintaining and securing AI infrastructure.
Technical summary
The vulnerability in vLLM arises from inconsistent application of revision pinning controls across all model artifacts. When deploying a model with a specified revision, vLLM does not consistently enforce that revision for all loaded artifacts. This can lead to unintended behavior, as the actual model serving may include components from different revisions. The issue is particularly concerning because it affects the integrity of the model's supply chain, potentially allowing for the inclusion of unreviewed or malicious code. The fix in version 0.22.0 ensures that revision pinning is consistently applied across all artifacts, maintaining the integrity of the deployed model.
Defensive priority
High priority should be given to updating vLLM to version 0.22.0 or later. In the meantime, operators should carefully monitor their deployments for any signs of inconsistent artifact loading and consider implementing additional security measures to verify the integrity of their model deployments.
Recommended defensive actions
- Update vLLM to version 0.22.0 or later.
- Review current deployments for any signs of inconsistent artifact loading.
- Implement additional security measures to verify model deployment integrity.
- Monitor model serving logs for unexpected behavior.
- Consider temporarily disabling revision pinning if not already in use.
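The pin-drift condition described in the technical summary leaves a trace in the Hugging Face hub cache, where every downloaded file lives under snapshots/<commit>/. The following audit, added here as an illustration rather than vLLM's own code, lists any cached artifact of a model that sits under a commit other than the reviewed one; the repository name, commit ids and file list in the fixture are constructed, and the mixed-snapshot layout mirrors the artifact classes the advisory names (dynamic code, image processor, subfolder weights, GGUF).

```python
import tempfile
from pathlib import Path

def audit_hf_cache(cache_dir, repo_id, pinned_commit):
    """Report files of `repo_id` cached under a snapshot other than `pinned_commit`.

    Hub cache layout: <cache>/models--<org>--<name>/snapshots/<commit>/<files>.
    Returns {relative_file_path: commit} for every file outside the pinned
    snapshot; an empty dict means all cached artifacts belong to that revision.
    """
    repo_dir = Path(cache_dir) / f"models--{repo_id.replace('/', '--')}"
    snapshots = repo_dir / "snapshots"
    drift = {}
    if not snapshots.is_dir():
        return drift
    for snap in snapshots.iterdir():
        if snap.name == pinned_commit:
            continue
        for f in snap.rglob("*"):
            # real caches store symlinks into blobs/; accept files and links
            if f.is_file() or f.is_symlink():
                drift[str(f.relative_to(snap))] = snap.name
    return drift

def build_fixture(root):
    """Constructed cache: the pin covers config and top-level weights, while the
    nested artifacts were fetched from the default branch's commit instead."""
    repo = Path(root) / "models--example-org--vision-llm"   # constructed repo
    pinned, other = "3f2a9c1d", "e77b0f45"                  # constructed commits
    layout = {
        pinned: ["config.json", "model.safetensors"],
        other: ["modeling_custom.py", "preprocessor_config.json",
                "text_encoder/model.safetensors", "quant/model-q4.gguf"],
    }
    for commit, files in layout.items():
        for rel in files:
            p = repo / "snapshots" / commit / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text("placeholder")
    (repo / "refs").mkdir()
    (repo / "refs" / "main").write_text(other)  # default branch is the other commit
    return pinned

def run_demo():
    """Build the fixture in a temp dir and return (pinned_commit, drift)."""
    with tempfile.TemporaryDirectory() as tmp:
        pin = build_fixture(tmp)
        return pin, audit_hf_cache(tmp, "example-org/vision-llm", pin)

if __name__ == "__main__":
    pin, drift = run_demo()
    for path, commit in sorted(drift.items()):
        print(f"{path}: cached from {commit}, not pinned {pin}")
```

Against a live deployment, point `audit_hf_cache` at the serving host's HF cache (the HF_HOME hub directory) with the model id and the commit passed to --revision; any non-empty result is an artifact that was not served from the reviewed revision.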
Evidence notes
The CVE-2026-47155 issue was made public on June 22, 2026, with an update on June 24, 2026. The vulnerability was discovered and reported through the GitHub security advisory process. The fix was released in version 0.22.0 of vLLM. The CVSS score for this vulnerability is 6.5, with a severity rating of Medium.
Official resources
- CVE-2026-47155 CVE record (CVE.org)
- CVE-2026-47155 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Patch
- Source reference: [email protected] - Issue Tracking
- Mitigation or vendor reference: [email protected] - Third Party Advisory
- Mitigation or vendor reference: [email protected] - Third Party Advisory
This article is AI-assisted and based on the supplied source corpus.