CVE-2026-54236 vllm-project CVE debrief

Who should care

Defenders of systems using vLLM should be aware of this vulnerability and take steps to mitigate it. Specifically, those using versions prior to 0.23.1rc0 should update to the latest version. Additionally, defenders should monitor their systems for potential exploitation attempts.

Technical summary

The vulnerability in vLLM arises from an incomplete fix for CVE-2026-22778. The sanitize_message helper, which strips object-repr memory addresses from error messages, is not called in several response paths, including the Anthropic API router, Server-Sent Events streaming converter, and realtime speech-to-text WebSocket. This allows an unauthenticated attacker to leak heap memory addresses by sending malformed image bytes through the Anthropic Messages API.

Defensive priority

Defenders should prioritize updating to version 0.23.1rc0 or later. Additionally, defenders should monitor their systems for potential exploitation attempts and implement compensating controls to detect and prevent similar attacks.

Recommended defensive actions

• Update to version 0.23.1rc0 or later
• Monitor systems for potential exploitation attempts
• Implement compensating controls to detect and prevent similar attacks
• Review and update incident response plans
• Conduct vulnerability scanning and penetration testing

Evidence notes

The CVE-2026-54236 vulnerability was introduced due to an incomplete fix for CVE-2026-22778. The issue was discovered and reported by an unknown party. The CVE was published on 2026-06-22T23:16:31.290Z and modified on 2026-06-24T16:53:59.157Z. The vulnerability has a CVSS score of 5.3 and a severity of MEDIUM.

Official resources