CVE-2026-53923 vllm-project CVE debrief

Who should care

Organizations using vLLM for inference and serving large language models should be aware of this vulnerability. Specifically, those with multi-tenant inference deployments may be at risk of information disclosure. Users of affected versions (from 0.5.5 to 0.23.1rc0) should take action to mitigate this vulnerability.

Technical summary

The vulnerability is caused by integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels (csrc/quantization/gguf/gguf_kernel.cu). The output tensor is allocated at full size via torch::empty (uninitialized memory), but the dequantize CUDA kernel processes only a truncated number of elements. This results in the unfilled portion of the output tensor retaining whatever was previously in GPU memory. In multi-tenant inference deployments, this residual GPU memory may contain tensor data from other users' inference requests, constituting information disclosure. The vulnerability is fixed in version 0.23.1rc0.

Defensive priority

Medium priority should be given to addressing this vulnerability, especially in multi-tenant inference deployments. Organizations should assess their exposure and apply the fix from version 0.23.1rc0 as soon as possible.

Recommended defensive actions

• Assess exposure to this vulnerability in multi-tenant inference deployments.
• Apply the fix from version 0.23.1rc0.
• Review and update inventory of affected vLLM versions.
• Monitor for potential information disclosure incidents.
• Implement compensating controls to detect and prevent exploitation.

Evidence notes

The vulnerability was discovered and reported through the CVE program. The CVE record and NVD detail provide official information about the vulnerability. Additional details are available from the source item URL and mitigation or vendor references.

Official resources