CVE-2026-24779: Server-Side Request Forgery in vLLM

Severity
9.8 CRITICAL
NVD: 7.1
EPSS
0.0%
top 95.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 27
Latest update: Mar 9

Description

vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.14.1, a Server-Side Request Forgery (SSRF) vulnerability exists in the `MediaConnector` class within the vLLM project's multimodal feature set. The `load_from_url` and `load_from_url_async` methods obtain and process media from URLs provided by users, using different Python parsing libraries when restricting the target host. These two parsing libraries have different interpretations of backslashes, which all

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Exploitability: 2.8 | Impact: 4.2

Affected Packages (3 packages)

Source | Package | Affected versions
CVEListV5 | vllm-project/vllm | >= 0.15.1, < 0.17.0
NVD | vllm/vllm | 0.15.1, 0.17.0, +1
PyPI | vllm/vllm | < 0.14.1

Patches

🔴 Vulnerability Details (2)
GHSA
vLLM vulnerable to Server-Side Request Forgery (SSRF) through MediaConnector (2026-01-28)
OSV
vLLM vulnerable to Server-Side Request Forgery (SSRF) through MediaConnector (2026-01-28)

📋 Vendor Advisories (2)
Red Hat
vLLM: vLLM: Server-Side Request Forgery bypass via inconsistent URL parsing (2026-03-09)
Red Hat
vLLM: vLLM: Server-Side Request Forgery allows internal network access (2026-01-27)

🕵️ Threat Intelligence (2)
Wiz
CVE-2026-25960 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-24779 Impact, Exploitability, and Mitigation Steps | Wiz