CVE-2026-22773: vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions

January 13, 2026

Users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimension mismatch that results in an unhandled runtime error, leading to complete server termination.

References

github.com/advisories/GHSA-grg2-63fw-f2qr
github.com/vllm-project/vllm
github.com/vllm-project/vllm/commit/0ec84221718d920c3f46da879cc354f94b8fb59e
github.com/vllm-project/vllm/pull/29881
github.com/vllm-project/vllm/security/advisories/GHSA-grg2-63fw-f2qr
nvd.nist.gov/vuln/detail/CVE-2026-22773

Code Behaviors & Features

Detect and mitigate CVE-2026-22773 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →