CVE-2026-22778: vLLM has RCE In Video Processing
A chain of two vulnerabilities in vLLM's video input handling allows Remote Code Execution (RCE):
- Info leak: PIL (Pillow) error messages expose memory addresses, which defeats ASLR
- Heap overflow: the JPEG2000 decoder used by OpenCV/FFmpeg has a heap overflow that lets an attacker hijack code execution
Result: sending a malicious video URL to the Completions or Invocations endpoint of a vLLM instance serving a video model executes arbitrary commands on the server.
A completely default vLLM instance installed from pip or run from the Docker image has no authentication, so no privileges are required. Even with a non-default configuration that enables an API key, the exploit remains feasible through the invocations route, which processes the payload before authentication.
One example heap target is provided, but other heap targets can be exploited to achieve RCE as well. The leak gives a simple ASLR bypass; combined with the heap overflow it achieves RCE on versions prior to 0.14.1.
Deployments not serving a video model are not affected.
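The following is an added example and not code from vLLM or from the advisory: a pre-filter that a reverse proxy or sidecar could apply to requests before they reach a video-serving vLLM instance, plus a version check against the fixed release 0.14.1. It assumes the OpenAI-style chat schema in which a video part is `{"type": "video_url", "video_url": {"url": ...}}`, it treats `/v1/chat/completions` and `/invocations` as the sensitive paths (the advisory only names "Completions" and "Invocations"), and the allow-list of media hosts is a deployment decision. The sample request body is constructed for the example.

```python
"""Added example (not vLLM project code): reject video URLs that do not
point at an allow-listed https host, and flag vLLM versions older than
the 0.14.1 fix. The request schema and path names below are assumptions
made for this example, not facts stated in the advisory."""
import json
import re
from urllib.parse import urlparse

FIXED_VERSION = (0, 14, 1)

# Assumed endpoint paths (the advisory names only "Completions" and
# "Invocations"); adjust to the routes your deployment actually exposes.
SENSITIVE_PATHS = {"/v1/chat/completions", "/invocations"}


def parse_version(version):
    """Return the leading numeric components of a version string such as
    '0.14.0', 'v0.13.2' or '0.13.2rc1' as a 3-tuple of ints; any
    non-numeric suffix on a component is ignored."""
    parts = []
    for piece in version.lstrip("v").split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_vulnerable_version(version):
    """True if the given vLLM version predates the 0.14.1 fix."""
    return parse_version(version) < FIXED_VERSION


def iter_video_urls(body):
    """Yield every video URL found in an OpenAI-style chat request body
    (assumed schema: content parts of type 'video_url')."""
    for message in body.get("messages", []):
        content = message.get("content")
        if not isinstance(content, list):
            continue  # plain string content cannot carry a video part
        for part in content:
            if isinstance(part, dict) and part.get("type") == "video_url":
                url = part.get("video_url", {}).get("url")
                if url:
                    yield url


def disallowed_video_urls(body, allowed_hosts):
    """Return the video URLs the filter would reject: anything that is not
    https to an allow-listed host. Other schemes (http, file, data) are
    rejected too, since the decoder runs on whatever bytes it is handed."""
    rejected = []
    for url in iter_video_urls(body):
        parsed = urlparse(url)
        if parsed.scheme != "https" or parsed.hostname not in allowed_hosts:
            rejected.append(url)
    return rejected


def should_block(path, raw_body, allowed_hosts):
    """Decide whether a proxy should block this request. A body on a
    sensitive path that is not a JSON object is blocked rather than
    passed through, so malformed input never reaches the decoder."""
    if path not in SENSITIVE_PATHS:
        return False
    try:
        body = json.loads(raw_body)
    except ValueError:
        return True
    if not isinstance(body, dict):
        return True
    return bool(disallowed_video_urls(body, allowed_hosts))


# Constructed sample request (not from the page): one video part pointing
# at an untrusted host, one at the allow-listed internal media server.
SAMPLE_BODY = json.dumps({
    "model": "example-video-model",
    "messages": [{"role": "user", "content": [
        {"type": "text", "text": "Describe this clip."},
        {"type": "video_url",
         "video_url": {"url": "http://203.0.113.7/clip.mp4"}},
        {"type": "video_url",
         "video_url": {"url": "https://media.internal.example/ok.mp4"}},
    ]}],
})
ALLOWED_HOSTS = {"media.internal.example"}

if __name__ == "__main__":
    print("0.14.0 vulnerable:", is_vulnerable_version("0.14.0"))
    print("rejected:", disallowed_video_urls(json.loads(SAMPLE_BODY), ALLOWED_HOSTS))
    print("block /invocations:", should_block("/invocations", SAMPLE_BODY, ALLOWED_HOSTS))
```

The filter is a compensating control for deployments that cannot upgrade immediately; it does not remove the bug in the decoder, so upgrading to 0.14.1 or later remains the fix. Because the advisory states that the invocations route handles the payload before authentication, the filter has to sit in front of vLLM (proxy or sidecar) rather than rely on vLLM's own API-key check.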
References
- github.com/advisories/GHSA-4r2x-xpjr-7cvv
- github.com/vllm-project/vllm
- github.com/vllm-project/vllm/pull/31987
- github.com/vllm-project/vllm/pull/32319
- github.com/vllm-project/vllm/releases/tag/v0.14.1
- github.com/vllm-project/vllm/security/advisories/GHSA-4r2x-xpjr-7cvv
- nvd.nist.gov/vuln/detail/CVE-2026-22778