PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-5497 vllm-project CVE debrief

CVE-2026-5497 is a HIGH severity vulnerability in vLLM, a library for serving large language models. Versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack caused by unbounded frame count processing in the `VideoMediaIO.load_base64()` method. This method handles `video/jpeg` data URLs by splitting the base64 payload on commas to extract individual JPEG frames, without enforcing any limit on the number of frames. An attacker can exploit this by sending a single API request whose data URL contains thousands of comma-separated base64-encoded JPEG frames; the server decodes every frame into memory and crashes from excessive memory consumption. The vulnerability is reachable through the OpenAI-compatible chat completions API and does not require authentication.

Vendor: vllm-project
Product: vllm-project/vllm
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-11
Original CVE updated: 2026-06-11
Advisory published: 2026-06-11
Advisory updated: 2026-06-11

Who should care

Users of the vLLM library, particularly those running version 0.8.0 or later, should be aware of this vulnerability and take steps to mitigate it.

Technical summary

The `VideoMediaIO.load_base64()` method in vLLM versions 0.8.0 and later does not limit the number of JPEG frames that can be extracted from a `video/jpeg` data URL. An attacker can therefore cause a Denial of Service (DoS) by supplying a data URL with thousands of comma-separated base64-encoded JPEG frames, which are all decoded into memory at once, leading to excessive memory consumption and a potential crash.

Defensive priority

HIGH

Recommended defensive actions

  • Update to a patched version of vLLM, if available.
  • Implement input validation and frame count limiting for `video/jpeg` data URLs.
  • Monitor API usage for suspicious activity.
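The following is an added illustration of the second action above, frame count limiting applied before any frame is decoded. It is example code written for this debrief, not vLLM's own `VideoMediaIO.load_base64()` implementation; the function names, the `data:video/jpeg;base64,` prefix handling, and the limit values are assumptions chosen for the example. It caps both the number of frames and the encoded payload size, because a frame count alone does not bound memory if each frame is large.

```python
import base64
import binascii
from typing import List

# Hypothetical limits for this example; the page does not state what
# values a patched vLLM uses.
MAX_VIDEO_JPEG_FRAMES = 32
MAX_VIDEO_PAYLOAD_BYTES = 8 * 1024 * 1024  # encoded size, before base64 decoding

DATA_URL_PREFIX = "data:video/jpeg;base64,"


class FrameLimitExceeded(ValueError):
    """Raised when a video/jpeg data URL carries more frames than allowed."""


def load_video_jpeg_frames(
    data_url: str,
    max_frames: int = MAX_VIDEO_JPEG_FRAMES,
    max_payload_bytes: int = MAX_VIDEO_PAYLOAD_BYTES,
) -> List[bytes]:
    """Split a `data:video/jpeg;base64,<f1>,<f2>,...` URL into raw JPEG frames.

    Both limits are checked BEFORE any base64 decoding, so an oversized
    request is rejected without allocating memory for its frames.
    """
    if not data_url.startswith(DATA_URL_PREFIX):
        raise ValueError("expected a video/jpeg base64 data URL")
    payload = data_url[len(DATA_URL_PREFIX):]

    # Bound total decoded memory: decoded size is at most 3/4 of the encoded size.
    if len(payload) > max_payload_bytes:
        raise ValueError(f"payload of {len(payload)} bytes exceeds limit")

    # Counting separators is a linear scan over the string; it allocates no
    # frame data, unlike str.split() followed by decoding every chunk.
    frame_count = payload.count(",") + 1
    if frame_count > max_frames:
        raise FrameLimitExceeded(f"{frame_count} frames exceeds limit of {max_frames}")

    frames: List[bytes] = []
    for chunk in payload.split(","):
        try:
            raw = base64.b64decode(chunk, validate=True)
        except binascii.Error as exc:
            raise ValueError("frame is not valid base64") from exc
        # Cheap sanity check: every JPEG begins with the SOI marker FF D8.
        if not raw.startswith(b"\xff\xd8"):
            raise ValueError("frame is not a JPEG")
        frames.append(raw)
    return frames


def make_video_jpeg_data_url(frames: List[bytes]) -> str:
    """Build a video/jpeg data URL from raw frames (test helper for the example)."""
    encoded = [base64.b64encode(f).decode("ascii") for f in frames]
    return DATA_URL_PREFIX + ",".join(encoded)


if __name__ == "__main__":
    # Constructed input: a minimal JPEG consisting of SOI and EOI markers only.
    tiny_jpeg = b"\xff\xd8\xff\xd9"
    ok_url = make_video_jpeg_data_url([tiny_jpeg] * 3)
    print(f"accepted {len(load_video_jpeg_frames(ok_url, max_frames=4))} frames")
    try:
        load_video_jpeg_frames(make_video_jpeg_data_url([tiny_jpeg] * 5), max_frames=4)
    except FrameLimitExceeded as err:
        print(f"rejected: {err}")
```

The order of checks matters: the payload length and comma count are inspected on the still-encoded string, so a request that would exceed either limit is refused before the first `b64decode` call. A separate cap on the encoded size is kept because a small number of very large frames can exhaust memory just as effectively as many small ones.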

Evidence notes

Evidence for this CVE comes from the NVD and Huntr.

Official resources

CVE-2026-5497 was published on 2026-06-11T10:16:21.903Z and modified on 2026-06-11T15:37:21.933Z.