VYPR

Docker Model Runner (vllm-metal)

by Docker

CVEs (1)

  • CVE-2026-5817HigMay 22, 2026
    risk 0.53cvss 8.2epss 0.00

    The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trust_remote_code=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.from_pretrained() to import and execute arbitrary Python files included…