CVE-2026-27893

EUVD-2026-16478

27.03.2026, 00:16

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.18.0, two model implementation files hardcode `trust_remote_code=True` when loading sub-components, bypassing the user's explicit `--trust-remote-code=False` security opt-out. This enables remote code execution via malicious model repositories even when the user has explicitly disabled remote code trust. Version 0.18.0 patches the issue.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 10%

Affected Products (NVD)

Vendor	Product	Version
vllm	vllm	0.10.1 ≤ 𝑥 < 0.18.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-693 - Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

References

https://github.com/vllm-project/vllm/commit/00bd08edeee5dd4d4c13277c0114a464011acf72

https://github.com/vllm-project/vllm/pull/36192

https://github.com/vllm-project/vllm/security/advisories/GHSA-7972-pg2x-xr59