CVE Catalog

CVE-2026-56340

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

27th percentile — higher than 27% of all known CVEs

Summary

A vulnerability in vLLM versions 0.10.2 through 0.12.9 stems from missing sparse tensor validation in multimodal embeddings processing. Since PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed (negative or out-of-bounds) tensor indices when the prompt-embeds feature is enabled, leading to crashes, resource exhaustion (denial of service), and potential out-of-bounds/write-what-where memory corruption.

Risk Assessment

The risk includes the possibility of a DoS attack on the vLLM server and potential remote memory corruption, which could lead to unauthorized access or system compromise.

Recommendation

Immediately upgrade vLLM to version 0.13.0 or later, which includes full sparse tensor validation. If upgrading is not possible, disable the prompt-embeds feature.

Original NVD description (English source)

vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed (negative or out-of-bounds) tensor indices, when the prompt-embeds feature is enabled, to trigger crashes or resource exhaustion (denial of service), with potential for out-of-bounds/write-what-where memory corruption. This continues CVE-2025-62164, whose prior fix only disabled the feature by default rather than addressing the root cause.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS