CVE-2026-34760: Adversarial Prompt Injection via Unweighted Audio Downmixing in vLLM
Vulnerability ID: CVE-2026-34760
CVSS Score: 5.9
Published: 2026-07-17
An improper input validation vulnerability (CWE-20) exists in vLLM versions 0.5.5 through 0.17.2 when processing multi-channel audio tracks. By relying on librosa's flat arithmetic mean instead of physical downmixing standards, vLLM blends sub-audible low-frequency or surround channels with equal weight. This enables an attacker to inject adversarial prompt sequences that bypass human moderation but are parsed clearly by speech-to-text models.
TL;DR
vLLM prior to 0.18.0 downmixes multi-channel audio using an unweighted mathematical mean, allowing hidden voice commands to be injected into models via physically inaudible channels.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-20 (Improper Input Validation)
- Attack Vector: Network (AV:N)
- CVSS v3.1 Score: 5.9 (Medium)
- EPSS Score: 0.00267 (18.46th percentile)
- Impact: High Integrity, Low Availability
- Exploit Status: Proof-of-Concept
- KEV Status: Not Listed
Affected Systems
- vLLM inference and serving engine
-
vllm: >= 0.5.5, < 0.18.0 (Fixed in:
0.18.0)
Mitigation Strategies
- Upgrade to vLLM 0.18.0 or higher
- Implement layout-aware gateway downmixing using FFmpeg
- Enforce high-pass filters on ingested audio to strip sub-audible payloads
Remediation Steps:
- Run 'pip install --upgrade vllm>=0.18.0' in your environment.
- Preprocess audio inputs with FFmpeg: 'ffmpeg -i input.wav -ac 1 -af highpass=f=80 output.wav'.
- Monitor incoming multi-channel uploads for anomalous auxiliary or LFE track energy.
References
- NVD - CVE-2026-34760
- vLLM Security Advisory (GHSA-6c4r-fmh3-7rh8)
- Patch Commit c7f98b4d0a63b32ed939e2b6dfaa8a626e9b46c4
- vLLM Official v0.18.0 Release
Read the full report for CVE-2026-34760 on our website for more details including interactive diagrams and full exploit analysis.
Top comments (0)