CVE-2026-54234
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
06/07/2026
Last modified:
07/07/2026
Description
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, a frontend-legal multi-request speculative decoding workload can cause the rejection sampler to produce a recovered token equal to the model vocabulary size boundary value, which is then converted to negative one when the engine selects the next live token for a request and is written back into the drafter's input ids; that out-of-vocabulary value is later consumed by the model's embedding and attention path and crashes the engine worker with a GPU device-side assertion. The same triggering request sequence is reachable through the public gRPC Generate and Abort endpoints, so a remote client that can send generation requests can crash the shared engine worker, aborting concurrent requests and causing a service-wide denial of service for other clients of the deployment until the worker is restarted. This issue is fixed in version 0.24.0.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:* | 0.24.0 (excluding) |
To consult the complete list of CPE names with products and versions, see this page



