Skip to main content

vLLM CVE-2026-55574

| EUVDEUVD-2026-41924 HIGH
Inefficient Regular Expression Complexity (ReDoS) (CWE-1333)
2026-07-06 GitHub_M
8.7
CVSS 4.0 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.5 HIGH

Remotely reachable unauthenticated API parameter (AV:N/PR:N/UI:N) with a low-effort crafted regex (AC:L) causing worker hang; impact is availability-only (A:H, C/I:N).

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jul 06, 2026 - 22:02 EUVD
Analysis Generated
Jul 06, 2026 - 21:04 vuln.today

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 134 pypi packages depend on vllm (132 direct, 2 indirect)

Ecosystem-wide dependent count for version 0.24.0.

DescriptionCVE.org

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, the structured_outputs.regex API parameter passes a user-supplied regular expression string directly to the grammar compiler backends with no compilation timeout; in the xgrammar backend the string reaches the regex compiler with no guard, and in the outlines backend the validation step blocks structural issues such as lookarounds and backreferences but performs no complexity analysis, so a pattern with nested quantifiers passes all checks and causes exponential state-space expansion, allowing a single request containing an adversarial regex to hang an inference worker indefinitely and deny service. This issue is fixed in version 0.24.0.

AnalysisAI

Denial of service in vLLM inference servers prior to 0.24.0 allows remote unauthenticated attackers to hang an inference worker indefinitely by submitting a single request with an adversarial regular expression via the structured_outputs.regex API parameter. The pattern is passed to grammar compiler backends (xgrammar with no guard, outlines with structural-but-not-complexity validation) where nested quantifiers trigger exponential state-space expansion (ReDoS). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach exposed vLLM inference endpoint
Delivery
Craft request with nested-quantifier regex
Exploit
Set structured_outputs.regex parameter
Execution
Grammar backend compiles pattern unguarded
Persist
Exponential state expansion hangs worker
Impact
Sustained inference denial of service

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target vLLM deployment (prior to 0.24.0) expose the structured/guided decoding API and permit client-supplied patterns via the structured_outputs.regex parameter, reachable by the attacker over the network without authentication (CVSS PR:N/UI:N). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS 4.0 score of 8.7 (High) with vector AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H reflects a purely availability-impacting flaw that is network-reachable, low-complexity, requires no privileges (PR:N, unauthenticated), and needs no user interaction - an accurate representation of a remotely triggerable ReDoS. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with access to a vLLM OpenAI-compatible endpoint sends a single completion request that sets structured_outputs.regex to a pathological pattern with nested quantifiers (e.g. something like (a+)+$). …
Remediation Vendor-released patch: upgrade vLLM to version 0.24.0 or later, which fixes the missing compilation guard/timeout on regex-based structured outputs (see advisory GHSA-rwxx-mrjm-wc2m at https://github.com/vllm-project/vllm/security/advisories/GHSA-rwxx-mrjm-wc2m and the fix in https://github.com/vllm-project/vllm/pull/45118 / commit 2b3006076c5e9bc4cda9e03e3641388de3c5c286). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: audit all vLLM deployments to identify versions prior to 0.24.0; disable the structured_outputs.regex API parameter if not critical to operations. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Vllm

View all
CVE-2025-32444 CRITICAL POC
10.0 Apr 30

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Rated critical severity (CVSS 10.0

CVE-2024-11041 CRITICAL POC
9.8 Mar 20

vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue() API function. Rated critical sev

CVE-2026-22778 CRITICAL POC
9.8 Feb 02

Information exposure in vLLM inference engine versions 0.8.3 to before 0.14.1. Invalid image requests to the multimodal

CVE-2025-30202 HIGH POC
7.5 Apr 30

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Rated high severity (CVSS 7.5), th

CVE-2026-24779 HIGH POC
7.1 Jan 27

vLLM before version 0.14.1 contains a server-side request forgery vulnerability in the MediaConnector class where incons

CVE-2025-46560 MEDIUM POC
6.5 Apr 30

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Rated medium severity (CVSS 6.5),

CVE-2026-22773 MEDIUM POC
6.5 Jan 10

Vllm versions up to 0.12.0 is affected by allocation of resources without limits or throttling (CVSS 6.5).

CVE-2026-22807 CRITICAL
9.8 Jan 21

Remote code execution in vLLM 0.10.1 through 0.13.x lets an attacker who controls the model repository or path run arbit

CVE-2026-25960 CRITICAL
9.8 Mar 09

Server-Side Request Forgery in vLLM's multimodal MediaConnector allows remote attackers to coerce the inference server i

CVE-2026-9540 MEDIUM POC
5.5 May 26

Denial of service in vllm 0.19.0's OpenAI-compatible serving path allows remote unauthenticated attackers to exhaust sch

CVE-2025-29783 CRITICAL
9.0 Mar 19

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Rated critical severity (CVSS 9.0)

CVE-2026-54232 HIGH
8.8 Jun 22

Remote code execution in vLLM versions prior to 0.22.1 allows attackers to backdoor production LLM inference deployments

Share

CVE-2026-55574 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy