vLLM <0.22.0: Assert in Activation Fxn Loading Enables AAE
CVE-2026-41523 Published on June 22, 2026
vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLLM runs in Python optimized mode (python -O or PYTHONOPTIMIZE=1). In that mode the Python interpreter strips every assert statement, so the check is never evaluated. This vulnerability is fixed in 0.22.0.
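An added illustration, not vLLM's code, of why an assert-based allowlist check is not a security control: resolve_activation, SAFE_ACTIVATIONS and the registry are hypothetical stand-ins, and compile(..., optimize=1) reproduces the assert stripping that python -O performs so both loaders can be compared in one process.

```python
# Added example, not vLLM's code: an assert-based allowlist check beside an
# explicit one. Python's -O / PYTHONOPTIMIZE=1 strips every assert statement;
# compile(..., optimize=1) applies the same stripping in-process, so the
# effect can be shown without restarting the interpreter.

# Constructed allowlist of activation names the hypothetical loader accepts.
SAFE_ACTIVATIONS = frozenset({"gelu", "silu", "relu"})

VULNERABLE_SRC = '''
def resolve_activation(name, registry):
    # Vulnerable pattern: the only guard is an assert, which -O removes.
    assert name in SAFE_ACTIVATIONS, f"activation {name!r} not permitted"
    return registry[name]
'''

FIXED_SRC = '''
def resolve_activation(name, registry):
    # Hardened pattern: an explicit check is kept in every optimization mode.
    if name not in SAFE_ACTIVATIONS:
        raise ValueError(f"activation {name!r} not permitted")
    return registry[name]
'''


def build_resolver(src, optimize):
    """Compile src at the given optimize level (1 mirrors python -O) and
    return the resolve_activation function it defines."""
    namespace = {"SAFE_ACTIVATIONS": SAFE_ACTIVATIONS}
    exec(compile(src, "<activation_loader>", "exec", optimize=optimize), namespace)
    return namespace["resolve_activation"]


def check_rejected(src, optimize, name="unlisted_activation"):
    """Return True if the resolver built from src rejects a name outside the
    allowlist, False if the lookup goes through to the registered callable."""
    # Constructed registry standing in for a model-controlled name-to-code
    # mapping; a malicious model config would point at code of its choosing.
    registry = {n: (lambda x: x) for n in SAFE_ACTIVATIONS}
    registry[name] = lambda x: "unlisted callable ran"
    try:
        build_resolver(src, optimize)(name, registry)
    except (AssertionError, ValueError):
        return True
    return False


if __name__ == "__main__":
    for label, src in (("assert-based", VULNERABLE_SRC), ("explicit check", FIXED_SRC)):
        for opt in (0, 1):
            print(f"{label:14} optimize={opt}: rejected={check_rejected(src, opt)}")
```

Running the block prints that the assert-based loader rejects the unlisted name only at optimize=0, while the explicit check rejects it at both levels.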
Vulnerability Analysis
CVE-2026-41523 can be exploited over the network and requires user interaction. This vulnerability is considered to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Types
What is a Code Injection Vulnerability?
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CVE-2026-41523 has been classified as a Code Injection vulnerability or weakness.
What is an assertion failure Vulnerability?
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
CVE-2026-41523 has been classified as an assertion failure vulnerability or weakness.
Products Associated with CVE-2026-41523
Affected Versions
vllm-project / vllm: versions < 0.22.0 are affected.