DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-55646: CVE-2026-55646: Remote Denial of Service via Memory Exhaustion in vLLM Speech-to-Text Endpoints

CVE-2026-55646: Remote Denial of Service via Memory Exhaustion in vLLM Speech-to-Text Endpoints

Vulnerability ID: CVE-2026-55646
CVSS Score: 6.5
Published: 2026-07-17

A severe denial-of-service (DoS) vulnerability exists in the speech-to-text API endpoints of the vLLM serving engine from version 0.22.0 to 0.23.0. The flaw is triggered by the direct deserialization and reading of uploaded files into RAM prior to validating file-size limits. An authenticated attacker can exploit this behavior by submitting large file payloads, causing resource starvation and forcing the operating system kernel to terminate the serving process.

TL;DR

vLLM version 0.22.0 through 0.23.0 allocates system RAM for file uploads before validating size constraints. Attackers can exploit this to trigger out-of-memory (OOM) crashes on the serving host, causing a complete denial of service.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-400, CWE-770
  • Attack Vector: Network (Remote)
  • CVSS v3.1: 6.5 (Medium)
  • Exploit Maturity: PoC / Known Mechanics
  • Impact: Denial of Service (DoS)
  • KEV Status: Not Listed

Affected Systems

  • vLLM Serving Engine running on PyPI ecosystem
  • vllm: >= 0.22.0, < 0.24.0 (Fixed in: 0.24.0)

Code Analysis

Commit: b997071

Implement read_upload_with_limit helper to validate size constraints during ingestion

Mitigation Strategies

  • Upgrade the vLLM library to version 0.24.0 or higher.
  • Set strict client body-size limits on fronting proxy servers (e.g., Nginx client_max_body_size).
  • Configure cgroup memory limits to prevent complete host crash and enable automated restarts.
  • Disable the speech-to-text endpoints if your deployment only requires text generation models.

Remediation Steps:

  1. Identify all deployments running vLLM within the version range of 0.22.0 to 0.23.1.
  2. Modify dependencies or Dockerfiles to specify vllm>=0.24.0.
  3. If utilizing Nginx, configure the configuration file to include client_max_body_size 25M under the server or location blocks.
  4. Verify the configuration by sending a test payload larger than 25 MB to confirm that the request is rejected with an HTTP 413 or validation exception.

References


Read the full report for CVE-2026-55646 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)