vLLM 0.10.2-0.12.x Missing Sparse Tensor Validation, Potential DoS
CVE-2026-56340 Published on June 20, 2026
vLLM - Denial of Service via Unvalidated Multimodal Embeddings
vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed (negative or out-of-bounds) tensor indices, when the prompt-embeds feature is enabled, to trigger crashes or resource exhaustion (denial of service), with potential for out-of-bounds/write-what-where memory corruption. This continues CVE-2025-62164, whose prior fix only disabled the feature by default rather than addressing the root cause.
Vulnerability Analysis
CVE-2026-56340 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2026-56340
Want to know whenever a new CVE is published for Vllm? stack.watch will email you.
Affected Versions
vLLM:- Version 0.10.2 and below 0.13.0 is affected.
- Version 0.13.0 is unaffected.