Home > Vulnerability Database > CVE-2026-22807

Mend.io Vulnerability Database

CVE-2026-22807

Good to know:

Date: January 21, 2026

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face "auto_map" dynamic modules during model resolution without gating on "trust_remote_code", allowing attacker-controlled Python code in a model repo/path to execute at server startup. An attacker who can influence the model repo/path (local directory or remote Hugging Face repo) can achieve arbitrary code execution on the vLLM host during model load. This happens before any request handling and does not require API access. Version 0.14.0 fixes the issue.

Severity Score

8.8

Related Resources (7)

Url: https://github.com/vllm-project/vllm/pull/32194

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-22807

Url: https://github.com/vllm-project/vllm/releases/tag/v0.14.0

Url: https://github.com/vllm-project/vllm

Url: https://github.com/vllm-project/vllm/security/advisories/GHSA-2pc9-4j83-qjmr

Url: https://github.com/vllm-project/vllm/commit/78d13ea9de4b1ce5e4d8a5af9738fea71fb024e5

Url: https://www.mend.io/vulnerability-database/CVE-2026-22807

Severity Score

8.8

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

Top Fix

Upgrade Version

Upgrade to version vllm - 0.14.0;https://github.com/vllm-project/vllm.git - v0.14.0

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2026-22807

Good to know:

Date: January 21, 2026

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?