CVE-2026-56340
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk27th percentile — higher than 27% of all known CVEs
Summary
A vulnerability in vLLM versions 0.10.2 through 0.12.9 stems from missing sparse tensor validation in multimodal embeddings processing. Since PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed (negative or out-of-bounds) tensor indices when the prompt-embeds feature is enabled, leading to crashes, resource exhaustion (denial of service), and potential out-of-bounds/write-what-where memory corruption.
Risk Assessment
The risk includes the possibility of a DoS attack on the vLLM server and potential remote memory corruption, which could lead to unauthorized access or system compromise.
Recommendation
Immediately upgrade vLLM to version 0.13.0 or later, which includes full sparse tensor validation. If upgrading is not possible, disable the prompt-embeds feature.
Original NVD description (English source)
vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed (negative or out-of-bounds) tensor indices, when the prompt-embeds feature is enabled, to trigger crashes or resource exhaustion (denial of service), with potential for out-of-bounds/write-what-where memory corruption. This continues CVE-2025-62164, whose prior fix only disabled the feature by default rather than addressing the root cause.

