CVE-2026-25960
HIGHCVSS v3.1: 7.1 · EPSS: 0.0044 (35.0 percentile)
Source data as of:
At a glance
- Severity
- HIGH
- CVSS
- 7.1 v3.1 · NVD
- EPSS
- 0.0044 (35.0 percentile) · FIRST.org
- CISA KEV
- No
- Type
- SSRF · NVD CWE
- Attack conditions (CVSS vector)
- NetworkNo user interaction · Source: NVD Vector
- Affected vendors
- vllm
- Published
- 2026-03-09 · Modified: 2026-06-30
- References
- Jump to references (8)
CVSS / EPSS / KEV
Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources
Description
vLLM is an inference and serving engine for large language models (LLMs). The SSRF protection fix for CVE-2026-24779 add in 0.15.1 can be bypassed in the load_from_url_async method due to inconsistent URL parsing behavior between the validation layer and the actual HTTP client. The SSRF fix uses urllib3.util.parse_url() to validate and extract the hostname from user-provided URLs. However, load_from_url_async uses aiohttp for making the actual HTTP requests, and aiohttp internally uses the yarl library for URL parsing. This vulnerability in 0.17.0.
References
Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.
- Patch https://github.com/vllm-project/vllm/commit/6f3b2047abd4a748e3db4a68543f8221358002c0
- Reference https://github.com/vllm-project/vllm/pull/34743
- Vendor advisory https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc
- Vendor advisory https://github.com/vllm-project/vllm/security/advisories/GHSA-v359-jj2v-j536
- Distro https://access.redhat.com/errata/RHSA-2026:24977
- Distro https://access.redhat.com/security/cve/CVE-2026-25960
- Distro https://bugzilla.redhat.com/show_bug.cgi?id=2445892
- Distro https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25960.json