Skip to main content

Red Hat Ai Inference Server

1 CVEs product

Monthly

CVE-2026-12491 PyPI MEDIUM This Month

Image input manipulation in vLLM's multimodal preprocessing pipeline allows remote, unauthenticated network attackers to craft images with specific EXIF orientation or PNG tRNS transparency metadata that, when converted to RGB by vLLM, produces semantically altered image content fed to the LLM - affecting the integrity of inference outputs and potentially the reliability of the inference service. Affected deployments include Red Hat AI Inference Server across RHEL AI 3 and Red Hat OpenShift AI (RHOAI) environments. No public exploit code has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog; however, sensitive inference workloads processing user-supplied images (e.g., document classification, content moderation) face a higher practical risk from subtle input distortion attacks.

Information Disclosure Red Hat Red Hat Openshift Ai Rhoai Red Hat Ai Inference Server Red Hat Enterprise Linux Ai Rhel Ai 3
NVD
CVSS 3.1
4.8
EPSS
0.2%
EPSS 0% CVSS 4.8
MEDIUM This Month

Image input manipulation in vLLM's multimodal preprocessing pipeline allows remote, unauthenticated network attackers to craft images with specific EXIF orientation or PNG tRNS transparency metadata that, when converted to RGB by vLLM, produces semantically altered image content fed to the LLM - affecting the integrity of inference outputs and potentially the reliability of the inference service. Affected deployments include Red Hat AI Inference Server across RHEL AI 3 and Red Hat OpenShift AI (RHOAI) environments. No public exploit code has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog; however, sensitive inference workloads processing user-supplied images (e.g., document classification, content moderation) face a higher practical risk from subtle input distortion attacks.

Information Disclosure Red Hat Red Hat Openshift Ai Rhoai +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy