{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T07:59:29.533","vulnerabilities":[{"cve":{"id":"CVE-2026-22773","sourceIdentifier":"security-advisories@github.com","published":"2026-01-10T07:16:03.527","lastModified":"2026-01-27T21:03:47.017","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"vLLM is an inference and serving engine for large language models (LLMs). In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimension mismatch that results in an unhandled runtime error, leading to complete server termination. This issue has been patched in version 0.12.0."},{"lang":"es","value":"vLLM es un motor de inferencia y servicio para modelos de lenguaje grandes (LLMs). En versiones desde la 0.6.4 hasta antes de la 0.12.0, los usuarios pueden colapsar el motor vLLM que sirve modelos multimodales que utilizan la implementación del modelo de visión Idefics3 enviando una imagen de 1x1 píxel especialmente diseñada. Esto causa un desajuste de dimensión de tensor que resulta en un error de tiempo de ejecución no manejado, lo que lleva a la terminación completa del servidor. Este problema ha sido parcheado en la versión 0.12.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*","versionStartIncluding":"0.6.4","versionEndExcluding":"0.12.0","matchCriteriaId":"824D7904-D175-4B2E-A661-EBCA035697DC"}]}]}],"references":[{"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-grg2-63fw-f2qr","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}