What is the CVSS score of CVE-2026-22778?

CVE-2026-22778 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of AI / ML are affected by CVE-2026-22778?

Vllm versions up to 0.14.1 expose sensitive information in log files, creating a data breach risk for any organization using this AI inference framework.. A patch is available.

How to fix or mitigate CVE-2026-22778?

Within 24 hours: Identify all systems running Vllm versions up to 0.14.1 and assess what sensitive data may have been logged. Within 7 days: Apply vendor patch to upgrade to Vllm 0.14.2 or later across all affected environments. Within 30 days: Review and rotate any credentials or API keys that may have been exposed in logs, implement log retention policies that prevent accumulation of sensitive data, and verify log access controls.

AI / ML CVE-2026-22778

CRITICAL

Insertion of Sensitive Information into Log File (CWE-532)

2026-02-02 security-advisories@github.com

GHSA-4r2x-xpjr-7cvv

RCE Heap Overflow Red Hat AI / ML Vllm

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:01 vuln.today

Patch released

Feb 23, 2026 - 18:19 nvd

Patch available

CVE Published

Feb 02, 2026 - 23:16 nvd

CRITICAL 9.8

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

1 pypi packages depend on vllm (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 0.8.3.

DescriptionNVD

vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guesses to ~8 guesses. This vulnerability can be chained a heap overflow with JPEG2000 decoder in OpenCV/FFmpeg to achieve remote code execution. This vulnerability is fixed in 0.14.1.

AnalysisAI

Information exposure in vLLM inference engine versions 0.8.3 to before 0.14.1. Invalid image requests to the multimodal endpoint cause sensitive data logging. …

RemediationAI

Within 24 hours: Identify all systems running Vllm versions up to 0.14.1 and assess what sensitive data may have been logged. Within 7 days: Apply vendor patch to upgrade to Vllm 0.14.2 or later across all affected environments. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory