{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T15:00:24.149","vulnerabilities":[{"cve":{"id":"CVE-2024-11041","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:23.420","lastModified":"2025-07-31T14:48:32.163","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue() API function. The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by sending a malicious payload to the MessageQueue, causing the victim's machine to execute arbitrary code."},{"lang":"es","value":"vllm-project vllm versión v0.6.2 contiene una vulnerabilidad en la función de la API MessageQueue.dequeue(). Esta función utiliza pickle.loads para analizar directamente los sockets recibidos, lo que genera una vulnerabilidad de ejecución remota de código. Un atacante puede explotar esto enviando un payload a MessageQueue, lo que provoca que el equipo de la víctima ejecute código arbitrario."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vllm:vllm:0.6.2:*:*:*:*:*:*:*","matchCriteriaId":"5C723AC6-7D43-4776-B486-9F870A5645A6"}]}]}],"references":[{"url":"https://huntr.com/bounties/00136195-11e0-4ad0-98d5-72db066e867f","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]}]}}]}