vLLM 0.10.2-0.12.x Missing Sparse Tensor Validation, Potential DoS
CVE-2026-56340 Published on June 20, 2026

vLLM - Denial of Service via Unvalidated Multimodal Embeddings
vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed (negative or out-of-bounds) tensor indices, when the prompt-embeds feature is enabled, to trigger crashes or resource exhaustion (denial of service), with potential for out-of-bounds/write-what-where memory corruption. This continues CVE-2025-62164, whose prior fix only disabled the feature by default rather than addressing the root cause.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-56340 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Types

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

What is a Memory Corruption Vulnerability?

The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.

CVE-2026-56340 has been classified to as a Memory Corruption vulnerability or weakness.


Products Associated with CVE-2026-56340

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2026-56340 are published in these products:

 
 
 
 

Affected Versions

vLLM: Red Hat AI Inference Server: Red Hat AI Inference Server: Red Hat AI Inference Server: Red Hat AI Inference Server: Red Hat AI Inference Server: Red Hat AI Inference Server: Red Hat AI Inference Server: Red Hat AI Inference Server: Red Hat AI Inference Server: Red Hat AI Inference Server: Red Hat AI Inference Server: Red Hat AI Inference Server: Red Hat AI Inference Server: Red Hat Enterprise Linux AI (RHEL AI) 3: Red Hat Enterprise Linux AI (RHEL AI) 3: Red Hat Enterprise Linux AI (RHEL AI) 3: Red Hat Enterprise Linux AI (RHEL AI) 3: Red Hat Enterprise Linux AI (RHEL AI) 3: Red Hat Enterprise Linux AI (RHEL AI) 3: Red Hat Enterprise Linux AI (RHEL AI) 3: Red Hat OpenShift AI (RHOAI): Red Hat OpenShift AI (RHOAI): Red Hat OpenShift AI (RHOAI): Red Hat OpenShift AI (RHOAI): Red Hat OpenShift AI (RHOAI): Red Hat OpenShift AI (RHOAI):