CVE-2026-56340

HIGH 8.7

Published 2026-06-20 · Last modified 2026-06-30

vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can, when the prompt-embeds feature is enabled, submit crafted embedding requests with malformed (negative or out-of-bounds) tensor indices to trigger crashes or resource exhaustion (denial of service), with potential for out-of-bounds/write-what-where memory corruption. This issue continues CVE-2025-62164, whose prior fix only disabled the feature by default rather than addressing the root cause.
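
An added example (not vLLM's or PyTorch's code) of the index invariants that must hold before a sparse COO tensor taken from a request is densified, written in pure Python so it runs without PyTorch. The function names, the list-based layout, the 2-D restriction and the `max_elements` budget are assumptions; in PyTorch itself the corresponding checks are off by default and can be enabled with `torch.sparse.check_sparse_tensor_invariants`.

```python
def check_coo_invariants(indices, values, size):
    """Return a list of violations for a COO sparse tensor.

    indices: one list of ints per sparse dimension, each of length nnz
    values:  list of nnz entries
    size:    tuple giving the dense shape
    """
    if len(indices) != len(size):
        return [f"{len(indices)} index rows for {len(size)} dimensions"]
    problems = []
    nnz = len(values)
    for dim, (row, extent) in enumerate(zip(indices, size)):
        if len(row) != nnz:
            problems.append(f"dim {dim}: {len(row)} indices for {nnz} values")
            continue
        for pos, idx in enumerate(row):
            if isinstance(idx, bool) or not isinstance(idx, int):
                problems.append(f"dim {dim}, entry {pos}: non-integer index {idx!r}")
            elif idx < 0:
                problems.append(f"dim {dim}, entry {pos}: negative index {idx}")
            elif idx >= extent:
                problems.append(f"dim {dim}, entry {pos}: index {idx} >= size {extent}")
    return problems


def to_dense_checked(indices, values, size, max_elements=1_000_000):
    """Densify a 2-D COO tensor only after validation; raise ValueError otherwise."""
    if len(size) != 2 or any(not isinstance(n, int) or n < 0 for n in size):
        raise ValueError("size must be two non-negative integers")
    # Assumed budget: refuse declared shapes that would exhaust memory.
    if size[0] * size[1] > max_elements:
        raise ValueError("declared size exceeds the element budget")
    problems = check_coo_invariants(indices, values, size)
    if problems:
        raise ValueError("; ".join(problems))
    dense = [[0.0] * size[1] for _ in range(size[0])]
    for r, c, v in zip(indices[0], indices[1], values):
        dense[r][c] += v  # duplicate coordinates sum, as in an uncoalesced tensor
    return dense


# Constructed sample inputs (not taken from any real request).
GOOD = ([[0, 1], [2, 0]], [1.5, 2.5], (2, 3))
NEGATIVE = ([[0, -1], [2, 0]], [1.5, 2.5], (2, 3))
OUT_OF_BOUNDS = ([[0, 1], [2, 7]], [1.5, 2.5], (2, 3))
```

Without the check, the `NEGATIVE` sample would be written silently into the last row by Python's negative indexing, which is the kind of misplaced write the validation is there to stop.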

ELEVATED IMPACT

Severe if exploited (CVSS 8.7), but no known exploitation and low modeled probability. Patch on a normal cadence.

Exploitation likelihood

0.4% chance of exploitation in 30 days · 27th percentile

○ In CISA KEV ○ Public exploit / PoC

Impact if exploited

8.7 CVSS 4.0 · HIGH

  • Confidentiality: High
  • Integrity: High
  • Availability: High

What an attacker needs

  • Access: Reachable over the network — no local access needed
  • Privileges: Requires a low-privilege account
  • User interaction: No user interaction needed
  • Complexity: No special conditions — reliably repeatable
  • Requirements: No special attack requirements

Affected

Vendors: vLLM, Red Hat

Products: vLLM, Red Hat AI Inference Server, Red Hat Enterprise Linux AI (RHEL AI) 3, Red Hat OpenShift AI (RHOAI)

Weakness (CWE)

  • CWE-20: Improper input validation
  • CWE-787: Out-of-bounds write

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Sources: NVD · CVE.org · EPSS