CVE-2026-54234

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
06/07/2026
Last modified:
07/07/2026

Description

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, a frontend-legal multi-request speculative decoding workload can cause the rejection sampler to produce a recovered token equal to the model vocabulary size boundary value, which is then converted to negative one when the engine selects the next live token for a request and is written back into the drafter's input ids; that out-of-vocabulary value is later consumed by the model's embedding and attention path and crashes the engine worker with a GPU device-side assertion. The same triggering request sequence is reachable through the public gRPC Generate and Abort endpoints, so a remote client that can send generation requests can crash the shared engine worker, aborting concurrent requests and causing a service-wide denial of service for other clients of the deployment until the worker is restarted. This issue is fixed in version 0.24.0.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:* 0.24.0 (excluding)