Skip to main content

Vllm EUVDEUVD-2026-18522

| CVE-2026-34760 MEDIUM
Improper Input Validation (CWE-20)
2026-04-02 GitHub_M
5.9
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
Red Hat
5.9 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
Low

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
0.18.0
EUVD ID Assigned
Apr 02, 2026 - 19:31 euvd
EUVD-2026-18522
Analysis Generated
Apr 02, 2026 - 19:31 vuln.today
CVE Published
Apr 02, 2026 - 18:59 nvd
MEDIUM 5.9

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 2 pypi packages depend on vllm (2 direct, 0 indirect)

Ecosystem-wide dependent count for version 0.5.5.

DescriptionGitHub Advisory

vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing (to_mono), while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results in inconsistency between audio heard by humans (e.g., through headphones/regular speakers) and audio processed by AI models (Which infra via Librosa, such as vllm, transformer). This issue has been patched in version 0.18.0.

AnalysisAI

vLLM versions 0.5.5 through 0.17.x use incorrect mono audio downmixing via numpy.mean instead of the ITU-R BS.775-4 weighted standard, causing audio processed by AI models to diverge from human perception. An authenticated remote attacker with low privileges can exploit this inconsistency to manipulate audio-based model outputs or infer mismatches between expected and actual audio processing, affecting integrity of audio-driven inference pipelines. The vulnerability has been patched in vLLM 0.18.0.

Technical ContextAI

vLLM integrates Librosa for audio preprocessing in LLM inference workflows. Librosa's to_mono function defaults to simple arithmetic mean (numpy.mean) for converting stereo to mono audio, which differs from ITU-R BS.775-4 standard weighted downmixing used in consumer audio playback and human hearing. The root cause is improper input validation and normalization (CWE-20) of audio preprocessing parameters, allowing a mismatch between training/reference audio and inference audio representations. This affects any vLLM deployment processing audio tokens or multimodal audio inputs where Librosa-based preprocessing occurs. The CPE cpe:2.3:a:vllm-project:vllm:*:*:*:*:*:*:*:* covers all vLLM instances in the affected range.

RemediationAI

Vendor-released patch: vLLM 0.18.0. Organizations should upgrade vLLM to version 0.18.0 or later immediately. The fix corrects Librosa's audio preprocessing to conform to ITU-R BS.775-4 standard weighted downmixing. For those unable to upgrade immediately, workarounds include disabling Librosa-based audio preprocessing in vLLM configuration or pre-processing audio outside vLLM using standard-compliant libraries before inference. Refer to https://github.com/vllm-project/vllm/releases/tag/v0.18.0 for release details and https://github.com/vllm-project/vllm/pull/37058 for technical implementation notes.

More in Vllm

View all
CVE-2025-32444 CRITICAL POC
10.0 Apr 30

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Rated critical severity (CVSS 10.0

CVE-2024-11041 CRITICAL POC
9.8 Mar 20

vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue() API function. Rated critical sev

CVE-2026-22778 CRITICAL POC
9.8 Feb 02

Information exposure in vLLM inference engine versions 0.8.3 to before 0.14.1. Invalid image requests to the multimodal

CVE-2025-30202 HIGH POC
7.5 Apr 30

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Rated high severity (CVSS 7.5), th

CVE-2026-24779 HIGH POC
7.1 Jan 27

vLLM before version 0.14.1 contains a server-side request forgery vulnerability in the MediaConnector class where incons

CVE-2025-46560 MEDIUM POC
6.5 Apr 30

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Rated medium severity (CVSS 6.5),

CVE-2026-22773 MEDIUM POC
6.5 Jan 10

Vllm versions up to 0.12.0 is affected by allocation of resources without limits or throttling (CVSS 6.5).

CVE-2026-22807 CRITICAL
9.8 Jan 21

Remote code execution in vLLM 0.10.1 through 0.13.x lets an attacker who controls the model repository or path run arbit

CVE-2026-25960 CRITICAL
9.8 Mar 09

Server-Side Request Forgery in vLLM's multimodal MediaConnector allows remote attackers to coerce the inference server i

CVE-2026-9540 MEDIUM POC
5.5 May 26

Denial of service in vllm 0.19.0's OpenAI-compatible serving path allows remote unauthenticated attackers to exhaust sch

CVE-2025-29783 CRITICAL
9.0 Mar 19

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Rated critical severity (CVSS 9.0)

CVE-2026-54232 HIGH
8.8 Jun 22

Remote code execution in vLLM versions prior to 0.22.1 allows attackers to backdoor production LLM inference deployments

Vendor StatusVendor

Share

EUVD-2026-18522 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy