CVE-2026-22773
Unknown Unknown - Not Provided
Runtime Error Crash in vLLM Idefics3 Vision Model Server

Publication date: 2026-01-10

Last updated on: 2026-01-10

Assigner: GitHub, Inc.

Description
vLLM is an inference and serving engine for large language models (LLMs). In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimension mismatch that results in an unhandled runtime error, leading to complete server termination. This issue has been patched in version 0.12.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-10
Last Modified
2026-01-10
Generated
2026-06-16
AI Q&A
2026-01-11
EPSS Evaluated
2026-06-15
NVD
CVE-2026-22773
EUVD
EUVD-2026-1865
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
vllm_project vllm From 0.6.4 (inc) to 0.12.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability causes a denial-of-service (DoS) by crashing the vLLM engine, leading to high availability loss. However, it does not impact confidentiality or integrity of data. Therefore, it primarily affects availability aspects of compliance but does not directly compromise personal data or protected health information. Organizations relying on vLLM should consider the availability impact in their compliance risk assessments, but no direct violation of standards like GDPR or HIPAA confidentiality or integrity requirements is indicated. [1]

Executive Summary

This vulnerability is a denial-of-service (DoS) issue in the vLLM engine serving multimodal models using the Idefics3 vision model implementation, affecting versions 0.6.4 to before 0.12.0. When the engine receives a specially crafted 1x1 pixel image, it misinterprets the image dimensions, causing a tensor split operation to fail with a runtime error. This unhandled error crashes the server, terminating the engine process and causing a denial of service. [1]

Impact Analysis

The vulnerability can cause the vLLM server to crash and terminate unexpectedly when processing certain malformed images, leading to a denial of service. This results in high availability loss of the service, potentially disrupting any applications or systems relying on the vLLM engine for inference with multimodal models using the Idefics3 architecture. [1]

Detection Guidance

Detection can involve monitoring for server crashes or unhandled runtime errors related to tensor dimension mismatches in the vLLM engine serving multimodal models using the Idefics3 vision model. Specifically, look for RuntimeError messages like "split_with_sizes expects split_sizes to sum exactly to 9 but got split_sizes=[17]" in logs. Additionally, sending a specially crafted 1x1 pixel image (shape (1,1,3)) to the vLLM service and observing if it crashes can confirm the vulnerability. There are no specific commands provided, but monitoring logs for the described RuntimeError and testing with crafted inputs can help detect the issue. [1]

Mitigation Strategies

Immediate mitigation steps include upgrading the vLLM package to version 0.12.0 or later, where the issue is fixed. If upgrading is not immediately possible, implement input validation to ensure image inputs meet minimum size requirements before processing, rejecting images smaller than the threshold (e.g., 1x1 pixel). Additionally, manage exceptions around the tensor split operation by catching RuntimeErrors, logging the failure, and raising controlled errors to prevent server crashes. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22773. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart