vLLM 0.10.2-0.12.x Missing Sparse Tensor Validation, Potential DoS
CVE-2026-56340 Published on June 20, 2026
vLLM - Denial of Service via Unvalidated Multimodal Embeddings
vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed (negative or out-of-bounds) tensor indices, when the prompt-embeds feature is enabled, to trigger crashes or resource exhaustion (denial of service), with potential for out-of-bounds/write-what-where memory corruption. This continues CVE-2025-62164, whose prior fix only disabled the feature by default rather than addressing the root cause.
Vulnerability Analysis
CVE-2026-56340 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Types
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
What is a Memory Corruption Vulnerability?
The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.
CVE-2026-56340 has been classified to as a Memory Corruption vulnerability or weakness.
Products Associated with CVE-2026-56340
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2026-56340 are published in these products:
Affected Versions
vLLM:- Version 0.10.2 and below 0.13.0 is affected.
- Version 0.13.0 is unaffected.