cbcvebase.
CVE-2026-5497
published 2026-06-11

CVE-2026-5497: vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame count processing in the…

PriorityP346high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.54%
41.5th percentile
vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame count processing in the `VideoMediaIO.load_base64()` method. When processing `video/jpeg` data URLs, the method splits the base64 data string on commas to extract individual JPEG frames without enforcing a frame count limit. An attacker can exploit this by crafting a single API request containing thousands of comma-separated base64-encoded JPEG frames in a data URL, causing the server to decode all frames into memory and crash due to excessive memory consumption. This vulnerability is reachable via the OpenAI-compatible chat completions API and does not require authentication.

Affected

32 ranges· showing 25
VendorProductVersion rangeFixed in
linuxlinux_kernel>= 6.12.0 < 6.12.746.12.74
linuxlinux_kernel>= 6.13.0 < 6.18.136.18.13
rhaiivllm-cpu-rhel9
rhaiivllm-cuda-rhel9
rhaiivllm-gaudi-rhel9
rhaiivllm-neuron-rhel9
rhaiivllm-rocm-rhel9
rhaiivllm-spyre-rhel9
rhaiivllm-tpu-rhel9
rhaiisvllm-cpu-rhel9
rhaiisvllm-cuda-rhel9
rhaiisvllm-neuron-rhel9
rhaiisvllm-rocm-rhel9
rhaiisvllm-spyre-rhel9
rhaiisvllm-tpu-rhel9
rhelai3bootc-aws-cuda-rhel9
rhelai3bootc-azure-cuda-rhel9
rhelai3bootc-azure-rocm-rhel9
rhelai3bootc-cuda-rhel9
rhelai3bootc-gaudi-rhel9
rhelai3bootc-gcp-cuda-rhel9
rhelai3bootc-rocm-rhel9
rhoaiodh-kserve-agent-rhel9
rhoaiodh-kserve-controller-rhel9
rhoaiodh-kserve-router-rhel9

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.