CVE-2026-22773
Runtime Error Crash in vLLM Idefics3 Vision Model Server
Publication date: 2026-01-10
Last updated on: 2026-01-10
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vllm_project | vllm | From 0.6.4 (inc) to 0.12.0 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability causes a denial of service (DoS) by crashing the vLLM engine, so its impact is a high loss of availability. It does not affect the confidentiality or integrity of data. It therefore touches mainly the availability aspects of compliance and does not directly compromise personal data or protected health information. Organizations relying on vLLM should account for the availability impact in their compliance risk assessments, but no direct violation of the confidentiality or integrity requirements of standards such as GDPR or HIPAA is indicated. [1]
Can you explain this vulnerability to me?
This vulnerability is a denial-of-service (DoS) issue in the vLLM engine when it serves multimodal models that use the Idefics3 vision model implementation; it affects versions from 0.6.4 up to, but not including, 0.12.0. When the engine receives a specially crafted 1x1 pixel image, it misinterprets the image dimensions, and a tensor split operation fails with a runtime error. Because the error is unhandled, it terminates the engine process and takes the server down. [1]
How can this vulnerability impact me?
The vulnerability can make the vLLM server crash and terminate unexpectedly when it processes certain malformed images, resulting in a denial of service. This is a high loss of availability that can disrupt any application or system relying on the vLLM engine for inference with multimodal models built on the Idefics3 architecture. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can involve monitoring for server crashes or unhandled runtime errors caused by tensor dimension mismatches in a vLLM engine serving multimodal models with the Idefics3 vision model. Specifically, look in the logs for RuntimeError messages such as "split_with_sizes expects split_sizes to sum exactly to 9 but got split_sizes=[17]". Sending a specially crafted 1x1 pixel image (shape (1,1,3)) to the vLLM service and observing whether it crashes can also confirm that an instance is vulnerable. No specific commands are provided, but monitoring logs for the described RuntimeError and testing with crafted inputs can help detect the issue. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the vLLM package to version 0.12.0 or later, where the issue is fixed. If upgrading is not immediately possible, add input validation so that image inputs meet a minimum size before processing, rejecting images smaller than the threshold (e.g., 1x1 pixel). Additionally, handle exceptions around the tensor split operation by catching RuntimeError, logging the failure, and raising a controlled error so that the server does not crash. [1]
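As an added illustration (not vLLM's own code), the two interim measures above in Python: a pre-check that rejects images below a minimum size before they reach the engine, and a log scan for the RuntimeError signature quoted in the detection answer. The MIN_SIDE threshold, the log line format and the sample log lines are constructed assumptions.

```python
import re
from typing import List, Tuple

# Assumed minimum side length in pixels; the advisory only says to reject
# images "smaller than the threshold (e.g., 1x1 pixel)", so 2 is a chosen value.
MIN_SIDE = 2

# Shape of the RuntimeError quoted in the detection answer. The numbers are
# captured rather than hard-coded so other size combinations also match.
SPLIT_ERROR_RE = re.compile(
    r"RuntimeError: split_with_sizes expects split_sizes to sum exactly to (\d+) "
    r"but got split_sizes=\[([\d, ]+)\]"
)


class ImageTooSmall(ValueError):
    """Controlled error raised instead of letting the engine crash."""


def validate_image_shape(shape: Tuple[int, ...], min_side: int = MIN_SIDE) -> Tuple[int, int]:
    """Reject images whose height or width is below min_side.

    `shape` is (height, width[, channels]) as most image loaders report it.
    Returns (height, width) when the image is acceptable.
    """
    if len(shape) < 2:
        raise ImageTooSmall(f"expected at least (H, W), got shape {shape}")
    height, width = shape[0], shape[1]
    if height < min_side or width < min_side:
        raise ImageTooSmall(f"image {height}x{width} is below {min_side}x{min_side}; rejected")
    return height, width


def find_split_crashes(log_lines: List[str]) -> List[Tuple[int, int, List[int]]]:
    """Return (line_no, expected_sum, split_sizes) for each line matching the crash."""
    hits = []
    for n, line in enumerate(log_lines, start=1):
        m = SPLIT_ERROR_RE.search(line)
        if m:
            sizes = [int(s) for s in m.group(2).split(",") if s.strip()]
            hits.append((n, int(m.group(1)), sizes))
    return hits


# Constructed sample log lines (not real vLLM output) for the demonstration.
SAMPLE_LOG = [
    "INFO 01-10 12:00:01 engine.py:120] Added request chatcmpl-1",
    "ERROR 01-10 12:00:02 engine.py:200] RuntimeError: split_with_sizes expects split_sizes to sum exactly to 9 but got split_sizes=[17]",
    "INFO 01-10 12:00:03 engine.py:120] Added request chatcmpl-2",
]
```

Calling `validate_image_shape((1, 1, 3))` raises `ImageTooSmall`, which a request handler can turn into a 4xx response instead of an engine crash, while `find_split_crashes(SAMPLE_LOG)` flags line 2 as a match.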