PatchSiren cyber security CVE debrief
CVE-2026-55574 vllm-project CVE debrief
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-06T21:16:57.347Z and has not been modified since then. The vLLM inference and serving engine for LLMs is vulnerable to a denial-of-service attack due to an issue with the structured_outputs.regex API parameter. Prior to version 0.24.0, the API parameter passes a user-supplied regular expression string directly to the grammar compiler backends with no compilation timeout. This allows an attacker to cause exponential state-space expansion, hanging an inference worker indefinitely and denying service. Users of vLLM inference and serving engine for LLMs should be aware of this high-severity vulnerability and take immediate action to protect their systems.
- Vendor
- vllm-project
- Product
- vllm
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-06
- Original CVE updated
- 2026-07-07
- Advisory published
- 2026-07-06
- Advisory updated
- 2026-07-07
Who should care
Users of vLLM inference and serving engine for LLMs, particularly those who manage or operate LLMs, should be aware of this high-severity vulnerability and take immediate action to protect their systems. This includes updating vLLM to version 0.24.0 or later, implementing input validation and sanitization for regular expression strings, and monitoring system performance and logs for signs of potential attacks. Additionally, security teams and vulnerability management teams should review the official advisory and CVE record to validate affected scope, severity, and vendor guidance.
Technical summary
The vLLM inference and serving engine for LLMs is vulnerable to a denial-of-service attack due to an issue with the structured_outputs.regex API parameter. Prior to version 0.24.0, the API parameter passes a user-supplied regular expression string directly to the grammar compiler backends with no compilation timeout. This allows an attacker to cause exponential state-space expansion, hanging an inference worker indefinitely and denying service. The issue is fixed in version 0.24.0 of vLLM.
Defensive priority
High priority should be given to updating vLLM to version 0.24.0 or later to prevent this denial-of-service vulnerability.
Recommended defensive actions
- Update vLLM to version 0.24.0 or later
- Implement input validation and sanitization for regular expression strings
- Monitor system performance and logs for signs of potential attacks
- Consider implementing rate limiting or other protective measures
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record and NVD detail provide information on the vulnerability and its impact. The vendor has released a patch for the issue, which is included in version 0.24.0 of vLLM. To verify the vulnerability, defenders should review the official advisory and CVE record, and check for affected product deployments in managed environments. The structured_outputs.regex API parameter passes a user-supplied regular expression string directly to the grammar compiler backends with no compilation timeout, allowing an attacker to cause exponential state-space expansion. This issue can be mitigated by updating vLLM to version 0.24.0 or later, implementing input validation and sanitization for regular expression strings, and monitoring system performance and logs for signs of potential attacks.
Official resources
-
CVE-2026-55574 CVE record
CVE.org
-
CVE-2026-55574 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Issue Tracking, Patch
-
Mitigation or vendor reference
[email protected] - Vendor Advisory, Mitigation
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-06T21:16:57.347Z and has not been modified since then.