CVE-2026-44222
Description
vLLM is an inference and serving engine for large language models (LLMs). From 0.6.1 to before 0.20.0, there is a a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder sequences supplied without matching data cause vLLM to index into empty grids during input-position computation, raising an unhandled IndexError and terminating the worker or degrading availability. Multimodal paths that rely on image_grid_thw/video_grid_thw are affected. This vulnerability is fixed in 0.20.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
vllmPyPI | >= 0.6.1, < 0.20.0 | 0.20.0 |
Affected products
4- osv-coords2 versions
< 25.11-r7+ 1 more
- (no CPE)range: < 25.11-r7
- (no CPE)range: >= 0.6.1, < 0.20.0
Patches
Vulnerability mechanics
References
4- github.com/vllm-project/vllm/security/advisories/GHSA-hpv8-x276-m59fnvdExploitVendor AdvisoryWEB
- github.com/advisories/GHSA-hpv8-x276-m59fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-44222ghsaADVISORY
- github.com/vllm-project/vllm/issues/32656nvdIssue TrackingWEB
News mentions
0No linked articles in our index yet.