CVE-2026-54233
Status: Received - Intake
Memory Corruption in vLLM Audio Transcription

Publication date: 2026-06-22

Last updated on: 2026-06-22

Assigner: GitHub, Inc.

Description
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output. A 25MB OPUS file expands to ~14.9GB of float32 PCM at decode time. This vulnerability is fixed in 0.23.1rc0.
Affected Vendors & Products
Vendor: llm
Product: vllm
Version / Range: all versions before 0.23.1rc0 (0.23.1rc0 itself excluded)
CWE
CWE-409: The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.
Executive Summary

The vulnerability exists in vLLM, an inference and serving engine for large language models, in versions prior to 0.23.1rc0. The /v1/audio/transcriptions endpoint limits the size of the compressed audio upload but places no limit on the size of the decoded PCM output. For example, a 25MB OPUS file can expand to approximately 14.9GB of float32 PCM when decoded, roughly a 600:1 expansion, so a request that passes the upload-size check can still exhaust the memory of the serving host.

Impact Analysis

This is a decompression-bomb style denial of service. The endpoint enforces a limit on the compressed upload, but decoding materializes the full float32 PCM stream in memory, so a single request that passes that check can allocate on the order of 14.9GB on the serving host. The likely outcome is that the worker is killed by the OOM killer or the host swaps until it is unresponsive, denying service to every other client of the inference server; decode CPU time is consumed as well, but memory is the resource that runs out first. Any client that can reach /v1/audio/transcriptions can trigger this with one small upload, so exposure depends on whether the endpoint is reachable by untrusted callers. Despite the title, the weakness recorded for this CVE is CWE-409 (a high compression ratio producing a large output), that is, resource exhaustion rather than a memory-safety defect; nothing on this page indicates memory corruption in the exploitable sense or code execution.

Mitigation Strategies

Upgrade vLLM to version 0.23.1rc0 or later, where this issue in the /v1/audio/transcriptions endpoint is fixed. Note that 0.23.1rc0 is a release-candidate tag; check which final vLLM release carries the fix before pinning a version. Until the upgrade is deployed, do not expose the endpoint to untrusted callers (front it with authentication and rate limiting), and run the serving process under a memory limit such as a container cgroup limit, so that one oversized decode kills the worker rather than the host. Tightening the compressed upload limit alone is not a mitigation: the point of CWE-409 is that a small input produces a very large output, so any effective limit has to be applied to the decoded size.
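The following is an added example, not code from vLLM or from the advisory. It shows the two checks the description says the vulnerable endpoint lacked: an upper bound on the decoded float32 PCM computed from the compressed size and the codec's minimum bitrate before any decoding happens, and a hard cap enforced on what a streaming decoder actually emits, since container metadata can be forged. The 6 kbit/s Opus floor, the 48 kHz stereo assumption, the per-request budget and the stand-in chunked decoder are all assumptions made for the example; with those numbers a 25MiB upload bounds to about 13.4GB, the same order of magnitude as the ~14.9GB cited above.

```python
"""Guarding an audio upload against PCM expansion (decompression bomb).

Added example, not vLLM's own code. All names, limits and the stand-in
decoder below are assumptions made for illustration.
"""
from typing import Iterable, Iterator

BYTES_PER_FLOAT32 = 4
OPUS_MIN_BITRATE_BPS = 6_000  # assumption: Opus encodes down to roughly 6 kbit/s


class DecodedAudioTooLarge(ValueError):
    """Raised when decoding would exceed the configured PCM budget."""


def worst_case_pcm_bytes(compressed_bytes: int, sample_rate: int, channels: int,
                         min_bitrate_bps: int = OPUS_MIN_BITRATE_BPS) -> int:
    """Upper bound on float32 PCM a compressed file of this size can decode to.

    A file of N bytes at the codec's minimum bitrate encodes at most
    N*8/min_bitrate seconds; each second becomes sample_rate*channels float32
    samples. Integer arithmetic keeps the bound exact.
    """
    frames = compressed_bytes * 8 * sample_rate // min_bitrate_bps
    return frames * channels * BYTES_PER_FLOAT32


def declared_pcm_bytes(duration_s: float, sample_rate: int, channels: int) -> int:
    """Float32 PCM size implied by the container's declared duration."""
    return int(duration_s * sample_rate) * channels * BYTES_PER_FLOAT32


def check_declared_size(duration_s: float, sample_rate: int, channels: int,
                        max_decoded_bytes: int) -> int:
    """Cheap pre-decode rejection from metadata; returns the expected size."""
    need = declared_pcm_bytes(duration_s, sample_rate, channels)
    if need > max_decoded_bytes:
        raise DecodedAudioTooLarge(
            f"declared audio decodes to {need} bytes, limit is {max_decoded_bytes}")
    return need


def decode_bounded(chunks: Iterable[bytes], max_decoded_bytes: int) -> bytes:
    """Accumulate PCM from a streaming decoder, aborting once the cap is hit.

    Declared duration can be forged, so the cap is also enforced on the
    decoder's real output. Aborting mid-stream means the process never holds
    more than max_decoded_bytes of PCM for a single request.
    """
    out = bytearray()
    for chunk in chunks:
        if len(out) + len(chunk) > max_decoded_bytes:
            raise DecodedAudioTooLarge(
                f"decoded output exceeded {max_decoded_bytes} bytes; aborting decode")
        out += chunk
    return bytes(out)


def fake_streaming_decoder(total_bytes: int, chunk_bytes: int = 1 << 16) -> Iterator[bytes]:
    """Stand-in for a real chunked decoder (constructed for the example).

    Yields zero-filled float32 PCM in chunk_bytes pieces until total_bytes
    have been produced; no audio is actually decoded.
    """
    produced = 0
    while produced < total_bytes:
        n = min(chunk_bytes, total_bytes - produced)
        yield bytes(n)
        produced += n


if __name__ == "__main__":
    # The advisory's scenario: a 25MiB upload that passes the compressed-size
    # check. At 48 kHz stereo the bound is about 13.4 GB of float32 PCM.
    upload = 25 * 1024 * 1024
    print("worst-case PCM bytes:", worst_case_pcm_bytes(upload, 48_000, 2))

    budget = 4 * 1024 * 1024  # assumption: small per-request budget for the demo
    try:
        decode_bounded(fake_streaming_decoder(budget + 1), budget)
    except DecodedAudioTooLarge as e:
        print("rejected:", e)
```

The pre-decode bound is the cheap check to run first: it needs only the upload size and the codec, and it rejects the advisory's 25MB case outright under any sane budget. The bounded decode is the check that actually holds against a hostile file, because it does not trust anything the container declares.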
