CVE-2026-24779

HIGH
2026-01-27 [email protected] GHSA-qh4c-xf7m-gxfc
7.1
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

4
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
PoC Detected
Jan 30, 2026 - 14:41 vuln.today
Public exploit code
Patch Released
Jan 30, 2026 - 14:41 nvd
Patch available
CVE Published
Jan 27, 2026 - 22:15 nvd
HIGH 7.1

Tags

Python Industrial SSRF Denial Of Service AI / ML Vllm Redhat

Description

vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.14.1, a Server-Side Request Forgery (SSRF) vulnerability exists in the `MediaConnector` class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods obtain and process media from URLs provided by users, using different Python parsing libraries when restricting the target host. These two parsing libraries have different interpretations of backslashes, which allows the host name restriction to be bypassed. This allows an attacker to coerce the vLLM server into making arbitrary requests to internal network resources. This vulnerability is particularly critical in containerized environments like `llm-d`, where a compromised vLLM pod could be used to scan the internal network, interact with other pods, and potentially cause denial of service or access sensitive data. For example, an attacker could make the vLLM pod send malicious requests to an internal `llm-d` management endpoint, leading to system instability by falsely reporting metrics like the KV cache state. Version 0.14.1 contains a patch for the issue.

Analysis

vLLM before version 0.14.1 contains a server-side request forgery vulnerability in the MediaConnector class where inconsistent URL parsing between libraries allows attackers to bypass host restrictions and force the server to make arbitrary requests to internal network resources. Public exploit code exists for this vulnerability, which poses significant risk in containerized environments where a compromised vLLM instance could be leveraged to access restricted internal systems. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Inventory all vLLM instances and identify those running versions prior to 0.14.1 in production environments. Within 7 days: Apply vendor patch to upgrade vLLM to version 0.14.1 or later across all affected systems. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

56
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +36
POC: +20

Vendor Status

Share

CVE-2026-24779 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy