
vLLM CVE-2026-4944
EUVD-2026-32979 | HIGH
Path Traversal (CWE-22)
2026-05-28 @huntr_ai
CVSS 3.0 base score: 8.8

CVSS Vector (NVD)

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1. Analysis Generated: May 28, 2026 - 19:20 (vuln.today)

Description (NVD)

vllm-project/vllm version 0.14.1 contains a vulnerability where the trust_remote_code=True parameter is hardcoded in two model implementation files (vllm/model_executor/models/nemotron_vl.py and vllm/model_executor/models/kimi_k25.py). This bypasses the user's explicit --trust-remote-code=False setting, enabling remote code execution via malicious HuggingFace model repositories. This issue is an incomplete fix for CVE-2025-66448 and CVE-2026-22807, as it affects separate code paths in model implementation files. Deployments loading NemotronVL or KimiK25 models are particularly impacted.

Analysis (AI)

Remote code execution in vLLM 0.14.1 occurs because trust_remote_code=True is hardcoded inside the NemotronVL and KimiK25 model loaders, silently overriding the operator's explicit --trust-remote-code=False safety flag. Any deployment that loads a malicious or compromised HuggingFace repository for these model architectures will execute attacker-controlled Python in the inference process. The UI:R component of the vector reflects only that an operator must initiate the model load; once that load happens, the operator's flag offers no protection. …


Remediation (AI)

24 hours: Audit all vLLM 0.14.1 deployments to identify use of NemotronVL and KimiK25 models; restrict model loading to internal pre-approved repositories only and block external HuggingFace access from inference processes. 7 days: Review code of all currently-loaded models and establish mandatory security review process for any new model repository loads; monitor vendor advisories for patched vLLM version. …
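The description and analysis above reduce to one code pattern: a loader call that passes a literal trust_remote_code=True instead of forwarding the operator's setting. The following is an added example, not code from the vLLM project or from this advisory. It shows a constructed vulnerable loader beside a hardened one, and a small ast-based scanner that supports the 24-hour audit step in the remediation above: point it at an installed vllm package (for example its model_executor/models directory) to list every call site that hard-codes the flag. The function names, the sample loaders and the file names in the samples are assumptions for illustration; the transformers from_pretrained(trust_remote_code=...) keyword itself is real.

```python
"""Audit helper: find call sites that hard-code trust_remote_code=True.

Added example, not vLLM project code. It walks Python source with the
`ast` module and reports every call whose keyword argument
`trust_remote_code` is the literal `True`, as opposed to a value forwarded
from an operator-controlled config. Sample sources below are constructed
for illustration and do not reproduce vLLM's actual files.
"""
from __future__ import annotations

import ast
import sys
from dataclasses import dataclass
from pathlib import Path


@dataclass
class Finding:
    path: str
    line: int
    call: str  # best-effort dotted name of the callee


def _callee_name(node: ast.AST) -> str:
    """Render `a.b.c(...)` as 'a.b.c' for reporting; other shapes become '<call>'."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        return f"{_callee_name(node.value)}.{node.attr}"
    return "<call>"


def find_hardcoded_trust(source: str, path: str = "<string>") -> list[Finding]:
    """Return every call in `source` that passes trust_remote_code=True as a literal."""
    findings: list[Finding] = []
    tree = ast.parse(source, filename=path)
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            if (
                kw.arg == "trust_remote_code"
                and isinstance(kw.value, ast.Constant)
                and kw.value.value is True
            ):
                findings.append(Finding(path, node.lineno, _callee_name(node.func)))
    findings.sort(key=lambda f: f.line)
    return findings


def scan_tree(root: Path) -> list[Finding]:
    """Scan every .py file under root (e.g. the vllm/model_executor/models/ directory)."""
    out: list[Finding] = []
    for p in sorted(root.rglob("*.py")):
        try:
            out.extend(find_hardcoded_trust(p.read_text(encoding="utf-8"), str(p)))
        except (SyntaxError, UnicodeDecodeError):
            pass  # skip files that do not parse under this interpreter
    return out


# Constructed sample (hypothetical file "sample_vulnerable.py"): the pattern the
# advisory describes, a literal True that ignores --trust-remote-code=False.
VULNERABLE_LOADER = '''
from transformers import AutoConfig, AutoTokenizer

def load_vulnerable(model_id, hf_config):
    # BUG: literal True ignores the --trust-remote-code=False the operator set
    cfg = AutoConfig.from_pretrained(model_id, trust_remote_code=True)
    tok = AutoTokenizer.from_pretrained(model_id, trust_remote_code=True)
    return cfg, tok
'''

# Constructed sample (hypothetical file "sample_hardened.py"): the flag is
# forwarded from the operator-controlled config object instead of hard-coded.
HARDENED_LOADER = '''
from transformers import AutoConfig, AutoTokenizer

def load_hardened(model_id, model_config):
    trust = model_config.trust_remote_code
    cfg = AutoConfig.from_pretrained(model_id, trust_remote_code=trust)
    tok = AutoTokenizer.from_pretrained(model_id, trust_remote_code=trust)
    return cfg, tok
'''


if __name__ == "__main__":
    # Usage: python audit_trust_remote_code.py /path/to/site-packages/vllm
    # Without an argument, scans the constructed vulnerable sample.
    if len(sys.argv) > 1:
        findings = scan_tree(Path(sys.argv[1]))
    else:
        findings = find_hardcoded_trust(VULNERABLE_LOADER, "sample_vulnerable.py")
    for f in findings:
        print(f"{f.path}:{f.line}: {f.call}(..., trust_remote_code=True)")
    sys.exit(1 if findings else 0)
```

The scanner flags only a literal True at the call site. A loader that hard-codes the value through an intermediate variable (trust = True) or through a config default would not be reported, so an empty report is a starting point for the review, not a clean bill of health. The non-zero exit status lets the script serve as a gate in a build pipeline that vendors vLLM.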



