CVE-2026-24779.yaml
info:
  name: vllm
  cve: CVE-2026-24779
  summary: vLLM is vulnerable to Server-Side Request Forgery (SSRF) through the MediaConnector due to differing URL parsing behaviors.
  details: |
    A Server-Side Request Forgery (SSRF) vulnerability exists in the `MediaConnector` class within the vLLM project's multimodal feature set. The `load_from_url` and `load_from_url_async` methods process media from user-provided URLs. The vulnerability arises because `urllib.urlparse` and `urllib3.parse_url` (used by `requests`) handle backslashes differently, allowing an attacker to bypass hostname restrictions. This enables the vLLM server to make arbitrary requests to internal network resources, which is particularly critical in containerized environments like `llm-d`, potentially leading to internal network scanning, interaction with other pods, Denial of Service, or access to sensitive data.
  cvss: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
  severity: HIGH
  security_advise: |
    1. Upgrade vLLM to version 0.14.1 or later.
    2. Review and implement network segmentation to limit the impact of potential SSRF vulnerabilities.
rule: version > "0" && version < "0.14.1"
references:
  - https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc
  - https://nvd.nist.gov/vuln/detail/CVE-2026-24779
  - https://github.com/vllm-project/vllm/pull/32746
  - https://github.com/vllm-project/vllm/commit/f46d576c54fb8aeec5fc70560e850bed38ef17d7
  - https://github.com/vllm-project/vllm