CVE Catalog

CVE-2026-44223

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.37%

28th percentile - higher than 28% of all known CVEs

Summary

vLLM is an inference and serving engine for large language models. From versions 0.18.0 to before 0.20.0, the extract_hidden_states function in vLLM returns a tensor with an incorrect shape after the first decode step, leading to a RuntimeError and crashing the EngineCore process.

Risk Assessment

Server crashes can lead to service downtime related to language models, affecting the organization's operational continuity. A single request with a penalty parameter is sufficient to trigger a crash.

Recommendation

It is recommended to update vLLM to version 0.20.0 to mitigate this vulnerability. Additionally, monitor the use of penalty parameters in requests.

Original NVD description (English source)

vLLM is an inference and serving engine for large language models (LLMs). From 0.18.0 to before 0.20.0, the extract_hidden_states speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The crash is triggered when any request in the batch uses sampling penalty parameters (repetition_penalty, frequency_penalty, or presence_penalty). A single request with a penalty parameter (e.g., "repetition_penalty": 1.1) is sufficient to crash the server. This vulnerability is fixed in 0.20.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS