Medium severity (NVD score 5.4) · NVD Advisory · Published Apr 6, 2026 · Updated Apr 20, 2026
CVE-2026-34753
Description
vLLM is an inference and serving engine for large language models (LLMs). From 0.16.0 to before 0.19.0, a server-side request forgery (SSRF) vulnerability in download_bytes_from_url allows any actor who can control batch input JSON to make the vLLM batch runner issue arbitrary HTTP/HTTPS requests from the server, without any URL validation or domain restrictions. This can be used to target internal services (e.g. cloud metadata endpoints or internal HTTP APIs) reachable from the vLLM host. This vulnerability is fixed in 0.19.0.
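The description above says the helper issued requests with no URL validation or domain restrictions. As an added, defender-side illustration (this is not vLLM's code and not the change shipped in 0.19.0), the following Python check shows the kind of validation a download helper needs before fetching a URL taken from batch input: an http/https scheme allowlist, an optional hostname allowlist, rejection of embedded credentials, and rejection of any literal or resolved address in loopback, private, link-local (which includes the 169.254.169.254 cloud metadata range) or other non-public space. All names here (validate_download_url, resolve_host, is_disallowed_address, the sample hostnames and addresses) are hypothetical and constructed for the example.

```python
# Hypothetical hardened URL check for a download_bytes_from_url-style helper.
# Constructed for illustration; it is not vLLM's code and not the 0.19.0 fix.
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
MAX_URL_LENGTH = 2048


def resolve_host(host):
    """Resolve a hostname to all of its IP strings with the system resolver."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def is_disallowed_address(ip_str):
    """True if the address is loopback, private, link-local (covers the
    169.254.169.254 metadata range), multicast, reserved or unspecified."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return True  # unparsable address: refuse rather than guess
    # Unwrap IPv4-mapped IPv6 (e.g. ::ffff:10.0.0.1) so the IPv4 rules apply.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (
        ip.is_private
        or ip.is_loopback
        or ip.is_link_local
        or ip.is_multicast
        or ip.is_reserved
        or ip.is_unspecified
    )


def validate_download_url(url, allowed_hosts=None, resolver=resolve_host):
    """Return (ok, reason) for a URL supplied by an untrusted batch input.

    allowed_hosts: optional exact-match hostname allowlist (case-insensitive).
    resolver: injectable so the check can be exercised offline in tests.
    """
    if not isinstance(url, str) or not url or len(url) > MAX_URL_LENGTH:
        return False, "url missing or too long"
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    host = parts.hostname
    if not host:
        return False, "no host in url"
    if parts.username or parts.password:
        return False, "credentials embedded in url"
    if allowed_hosts is not None:
        if host.lower() not in {h.lower() for h in allowed_hosts}:
            return False, f"host not in allowlist: {host}"
    # A literal IP is checked directly; a hostname is checked on every
    # address it resolves to, since a single internal A/AAAA record is enough.
    try:
        addresses = [str(ipaddress.ip_address(host))]
    except ValueError:
        addresses = resolver(host)
    if not addresses:
        return False, f"host does not resolve: {host}"
    for addr in addresses:
        if is_disallowed_address(addr):
            return False, f"host resolves to non-public address {addr}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs: a metadata endpoint, a file URL, and a
    # hostname whose (stubbed) resolution lands in private space.
    stub = {"internal.example": ["10.0.0.5"]}.get
    for candidate in (
        "http://169.254.169.254/latest/meta-data/",
        "file:///etc/passwd",
        "https://internal.example/batch.jsonl",
    ):
        print(candidate, "->", validate_download_url(candidate, resolver=lambda h: stub(h, [])))
```

Two caveats apply when wiring a check like this into a real fetch: the resolved address can change between validation and connection (DNS rebinding), so the HTTP client should connect to the vetted IP or re-run the address check in its connect hook, and redirects must not be followed automatically, since each hop needs the same validation.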
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| vllm (PyPI) | >= 0.16.0, < 0.19.0 | 0.19.0 |
Affected products (OSV coordinates; no CPE assigned)
- pkg:apk/chainguard/py3.10-vllm-cuda-12.4: < 0.18.1-r2
- pkg:apk/chainguard/py3.12-vllm-cuda-12.4: < 0.18.1-r2
- pkg:apk/chainguard/vllm-openai-cuda-12.9: < 0.19.0-r0
- pkg:pypi/vllm: >= 0.16.0, < 0.19.0
References
- github.com/vllm-project/vllm/security/advisories/GHSA-pf3h-qjgv-vcpr (vendor advisory, patch; listed by NVD)
- github.com/advisories/GHSA-pf3h-qjgv-vcpr (GitHub advisory)
- nvd.nist.gov/vuln/detail/CVE-2026-34753 (NVD entry)
- github.com/vllm-project/vllm/commit/57861ae48d3493fa48b4d7d830b7ec9f995783e7 (commit; listed by GHSA)
- github.com/vllm-project/vllm/pull/38482 (pull request; listed by GHSA)