CVE-2026-22778
vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM
CVSS
9.8
Critical
EPSS
3.8%
p89
KEV
—
Exploit Today
27
0-100
Published: Feb 2, 2026 · Last modified: Jul 15, 2026 · CWE-532 · CWE-209
3.8%EPSS · 30 days3.8%
2026-06-302026-07-16
vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guesses to ~8 guesses. This vulnerability can be chained a heap overflow with JPEG2000 decoder in OpenCV/FFmpeg to achieve remote code execution. This vulnerability is fixed in 0.14.1.
- github.comhttps://github.com/vllm-project/vllm/pull/31987
- github.comhttps://github.com/vllm-project/vllm/pull/32319
- github.comhttps://github.com/vllm-project/vllm/releases/tag/v0.14.1
- github.comhttps://github.com/vllm-project/vllm/security/advisories/GHSA-4r2x-xpjr-7cvv
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:19712
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:30087
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:30088
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:30089
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:3461
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:3462
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:3713
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:3782
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2026-22778
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2436113
- security.access.redhat.comhttps://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22778.json
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2023-432617.5 HIG99.0%
——30An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.8dCVE-2026-291467.5 HIG91.3%
——27Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109.
Users are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which fixes the issue.2dCVE-2026-243087.5 HIG64.0%
——19Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential production systems affected by the issue. Users are recommended to upgrade to version 3.8.6 or 3.9.5 which fixes this issue.2dCVE-2021-290405.3 MED61.1%
——18The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch another, more focused attacks via crafted inputs.8dCVE-2017-176755.3 MED54.4%
——16BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names and HTTP data.8dCVE-2024-236898.8 HIG47.9%
——14Exposure of sensitive information in exceptions in ClichHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when 'sslkey' is specified and an exception, such as a ClickHouseException or SQLException, is thrown during database operations; the certificate password is then included in the logged exception message.2d