cbcvebase.
CVE-2026-47155
published 2026-06-22

CVE-2026-47155: vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all…

PriorityP337medium6.5CVSS 3.1
AVNACHPRNUINSUCLIHAN
EPSS
0.15%
4.3th percentile
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an unpinned/default revision. This is a supply-chain integrity issue for pinned vLLM deployments. Operators can believe they are serving a reviewed model revision while vLLM resolves behavior-affecting nested or sibling artifacts outside that reviewed revision. This vulnerability is fixed in 0.22.0.

Affected

24 ranges
VendorProductVersion rangeFixed in
rhaiivllm-cpu-rhel9
rhaiivllm-cuda-rhel9
rhaiivllm-gaudi-rhel9
rhaiivllm-neuron-rhel9
rhaiivllm-rocm-rhel9
rhaiivllm-spyre-rhel9
rhaiivllm-tpu-rhel9
rhaiisvllm-cpu-rhel9
rhaiisvllm-cuda-rhel9
rhaiisvllm-neuron-rhel9
rhaiisvllm-rocm-rhel9
rhaiisvllm-spyre-rhel9
rhaiisvllm-tpu-rhel9
rhelai3bootc-aws-cuda-rhel9
rhelai3bootc-azure-cuda-rhel9
rhelai3bootc-azure-rocm-rhel9
rhelai3bootc-cuda-rhel9
rhelai3bootc-gaudi-rhel9
rhelai3bootc-gcp-cuda-rhel9
rhelai3bootc-rocm-rhel9
rhoaiodh-vllm-gaudi-rhel9
vllm-projectvllm< 0.22.00.22.0
vllmvllm< 0.22.00.22.0
vllmvllm>= 0 < 0.22.00.22.0

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
vendor_redhat6.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.