CVE-2026-7141: Use of Uninitialized Resource in Vllm-cpu-rhel9

Severity: 6.3 MEDIUM (NVD)
EPSS: 0.0% (top 85.79%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 27; Latest update Apr 28

Description

A vulnerability was found in vllm up to 0.19.0. The affected element is the function has_mamba_layers in the file vllm/v1/kv_cache_interface.py of the component KV Block Handler. Performing a manipulation results in the use of an uninitialized resource. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is described as difficult. The exploit has been made public and could be used. The patch is named 1ad67864c0c20f167929e64c875f5c28e1aad9fd. To

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages: 19 packages

🔴Vulnerability Details

1
VulDB
vllm up to 0.19.0 KV Block kv_cache_interface.py has_mamba_layers uninitialized resource (Issue 39146), 2026-04-26

📋Vendor Advisories

1
Red Hat
vllm: vllm: Uninitialized resource in KV Block Handler via has_mamba_layers function, 2026-04-27

💬Community

1
Bugzilla
CVE-2026-7141 vllm: vllm: Uninitialized resource in KV Block Handler via has_mamba_layers function, 2026-04-28