CVE-2026-47155: vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors

June 10, 2026

vLLM’s revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an unpinned/default revision.

This is a supply-chain integrity issue for pinned vLLM deployments. Operators can believe they are serving a reviewed model revision while vLLM resolves behavior-affecting nested or sibling artifacts outside that reviewed revision.

References

github.com/advisories/GHSA-3ww4-5jv9-j5gm
github.com/vllm-project/vllm/security/advisories/GHSA-3ww4-5jv9-j5gm
nvd.nist.gov/vuln/detail/CVE-2026-47155

Code Behaviors & Features

Detect and mitigate CVE-2026-47155 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →