CVE-2026-56340

EUVD-2026-38129

20.06.2026, 19:16

vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed (negative or out-of-bounds) tensor indices, when the prompt-embeds feature is enabled, to trigger crashes or resource exhaustion (denial of service), with potential for out-of-bounds/write-what-where memory corruption. This continues CVE-2025-62164, whose prior fix only disabled the feature by default rather than addressing the root cause.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
VulnCheck	CNA	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
vllm	vllm	0.10.2 ≤ 𝑥 < 0.13.0	CNA

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://github.com/vllm-project/vllm/security/advisories/GHSA-mcmc-2m55-j8jj

https://www.vulncheck.com/advisories/vllm-denial-of-service-via-unvalidated-multimodal-embeddings