VYPR
High severityNVD Advisory· Published Mar 26, 2026· Updated Mar 27, 2026

vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out

CVE-2026-27893

Description

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.18.0, two model implementation files hardcode trust_remote_code=True when loading sub-components, bypassing the user's explicit --trust-remote-code=False security opt-out. This enables remote code execution via malicious model repositories even when the user has explicitly disabled remote code trust. Version 0.18.0 patches the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
vllmPyPI
>= 0.10.1, < 0.18.00.18.0

Affected products

6

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.