Vulnerabilities
Vulnerable Software
Security Vulnerabilities
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, a frontend-legal multi-request speculative decoding workload can cause the rejection sampler to produce a recovered token equal to the model vocabulary size boundary value, which is then converted to negative one when the engine selects the next live token for a request and is written back into the drafter's input ids; that out-of-vocabulary value is later consumed by the model's embedding and attention path and crashes the engine worker with a GPU device-side assertion. The same triggering request sequence is reachable through the public gRPC Generate and Abort endpoints, so a remote client that can send generation requests can crash the shared engine worker, aborting concurrent requests and causing a service-wide denial of service for other clients of the deployment until the worker is restarted. This issue is fixed in version 0.24.0.
CVSS Score
7.5
EPSS Score
0.003
Published
2026-07-06
Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares strip canonical-cased spoofed identity headers before writing Traefik's own value, but do not account for underscore-variant header names, which many backends normalize identically to dashed forms. An attacker able to reach a protected route can inject an underscore-variant header that survives Traefik's stripping and reaches the backend alongside, or on the unauthenticated ForwardAuth authResponseHeaders path instead of, the value Traefik intended to set, spoofing identity or authorization context. This issue is fixed in versions v2.11.51, v3.6.22, and v3.7.6.
CVSS Score
7.8
EPSS Score
0.003
Published
2026-07-06
Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's ForwardAuth middleware, even when configured with trustForwardHeader: false, derives the X-Forwarded-Port header sent to the authentication service from the original incoming request instead of the sanitized forwarded request. As a result, an unauthenticated remote attacker can inject an X-Forwarded-Proto: https header over a plain HTTP connection and cause Traefik to forward X-Forwarded-Port: 443 to the authentication service, bypassing port-based authorization checks. This issue is fixed in versions v2.11.51, v3.6.22, and v3.7.6.
CVSS Score
6.9
EPSS Score
0.003
Published
2026-07-06
Memory Corruption when updating prepared commands with invalid port indices based on user space input exceeds supported read client limits.
CVSS Score
5.3
EPSS Score
0.001
Published
2026-07-06
Memory Corruption when processing invalid HT40 channel layouts during dynamic channel switching operations.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-07-06
Memory Corruption when processing asynchronous input parameters due to improper handling of modified values between check and use.
CVSS Score
7.8
EPSS Score
0.001
Published
2026-07-06
Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks.
CVSS Score
5.3
EPSS Score
0.001
Published
2026-07-06
Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification.
CVSS Score
5.3
EPSS Score
0.001
Published
2026-07-06
Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values.
CVSS Score
5.3
EPSS Score
0.001
Published
2026-07-06
Memory Corruption when allocating memory with sizes that exceed the maximum allowed value.
CVSS Score
7.8
EPSS Score
0.001
Published
2026-07-06


Contact Us

Shodan ® - All rights reserved