DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-34760: CVE-2026-34760: Adversarial Prompt Injection via Unweighted Audio Downmixing in vLLM

CVE-2026-34760: Adversarial Prompt Injection via Unweighted Audio Downmixing in vLLM

Vulnerability ID: CVE-2026-34760
CVSS Score: 5.9
Published: 2026-07-17

An improper input validation vulnerability (CWE-20) exists in vLLM versions 0.5.5 through 0.17.2 when processing multi-channel audio tracks. By relying on librosa's flat arithmetic mean instead of physical downmixing standards, vLLM blends sub-audible low-frequency or surround channels with equal weight. This enables an attacker to inject adversarial prompt sequences that bypass human moderation but are parsed clearly by speech-to-text models.

TL;DR

vLLM prior to 0.18.0 downmixes multi-channel audio using an unweighted mathematical mean, allowing hidden voice commands to be injected into models via physically inaudible channels.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-20 (Improper Input Validation)
  • Attack Vector: Network (AV:N)
  • CVSS v3.1 Score: 5.9 (Medium)
  • EPSS Score: 0.00267 (18.46th percentile)
  • Impact: High Integrity, Low Availability
  • Exploit Status: Proof-of-Concept
  • KEV Status: Not Listed

Affected Systems

  • vLLM inference and serving engine
  • vllm: >= 0.5.5, < 0.18.0 (Fixed in: 0.18.0)

Mitigation Strategies

  • Upgrade to vLLM 0.18.0 or higher
  • Implement layout-aware gateway downmixing using FFmpeg
  • Enforce high-pass filters on ingested audio to strip sub-audible payloads

Remediation Steps:

  1. Run 'pip install --upgrade vllm>=0.18.0' in your environment.
  2. Preprocess audio inputs with FFmpeg: 'ffmpeg -i input.wav -ac 1 -af highpass=f=80 output.wav'.
  3. Monitor incoming multi-channel uploads for anomalous auxiliary or LFE track energy.

References


Read the full report for CVE-2026-34760 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)