CVE-2026-56340
Status: Received - Intake
Denial of Service in vLLM via Sparse Tensor Validation Bypass

Publication date: 2026-06-20

Last updated on: 2026-06-20

Assigner: VulnCheck

Description
vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed (negative or out-of-bounds) tensor indices, when the prompt-embeds feature is enabled, to trigger crashes or resource exhaustion (denial of service), with potential for out-of-bounds/write-what-where memory corruption. This continues CVE-2025-62164, whose prior fix only disabled the feature by default rather than addressing the root cause.
Affected Vendors & Products
Vendor: vllm
Product: vllm
Version range: from 0.10.2 (inclusive) to 0.13.0 (exclusive)
CWE
CWE-20: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Instant insights powered by AI
Executive Summary

CVE-2026-56340 is a vulnerability in vLLM versions 0.10.2 up to but not including 0.13.0, where sparse tensor validation is missing in the multimodal embeddings processing feature called prompt-embeds.

Because PyTorch disables sparse tensor invariant checks by default, attackers can submit specially crafted embedding requests with malformed tensor indices (such as negative or out-of-bounds values). This can cause crashes, resource exhaustion (denial of service), or even memory corruption including out-of-bounds or write-what-where conditions.

This vulnerability is a continuation of CVE-2025-62164, where the previous fix only disabled the feature by default rather than fixing the root cause.

Impact Analysis

This vulnerability can impact you by allowing an attacker to cause denial of service (DoS) through crashes or resource exhaustion when the prompt-embeds feature is enabled.

There is also potential for memory corruption vulnerabilities, such as out-of-bounds writes or write-what-where conditions, which could lead to remote code execution or other serious security breaches.

The attack requires only low privileges and no user interaction, which makes it comparatively easy to exploit remotely against an exposed vLLM endpoint that has prompt-embeds enabled.

Mitigation Strategies

To mitigate this vulnerability, disable the prompt-embeds feature in vLLM if it is currently enabled, since this feature is the attack vector for malformed sparse tensor indices. The feature has been disabled by default since the fix for CVE-2025-62164, so check your deployment configuration rather than assuming the default is in effect.

Additionally, upgrade vLLM to version 0.13.0 or later, where the root cause is addressed by adding proper sparse tensor validation to ensure indices are valid, non-negative, and within bounds.

Until the fix is applied, avoid enabling the prompt-embeds feature to prevent denial-of-service or potential memory corruption attacks.
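The check the mitigation describes (every sparse index integer, non-negative and below its dimension size, with index and value counts consistent) is small enough to show concretely. The following is an added illustration written for this page, not vLLM's actual fix or PyTorch's code; it operates on plain Python lists in COO layout (an indices matrix of shape [ndim, nnz] plus nnz values) so it runs without torch. In PyTorch the equivalent invariant check exists but is off by default: pass `check_invariants=True` to `torch.sparse_coo_tensor`, or enable `torch.sparse.check_sparse_tensor_invariants` globally or as a context manager.

```python
"""Validate COO sparse tensor indices before materializing them.

Added example for this advisory page (not vLLM or PyTorch code). The
function and class names are illustrative. The point it demonstrates:
without the check, a negative index silently wraps in Python list
indexing (as in ``flat[-1]``) and an out-of-bounds one raises
IndexError or worse in native code, so the validation must run before
any consumer touches the indices.
"""
from math import prod
from typing import Sequence


class SparseIndexError(ValueError):
    """Raised when a sparse tensor's indices violate the COO invariants."""


def validate_coo_indices(indices: Sequence[Sequence[int]],
                         values: Sequence[float],
                         shape: Sequence[int]) -> None:
    """Check ``indices`` (layout [ndim, nnz]) against ``shape``.

    Rejects: a malformed shape, an ndim mismatch between indices and
    shape, an nnz mismatch between any index row and ``values``,
    non-integer entries (bools included), negative entries and entries
    >= the size of their dimension.
    """
    if any(not isinstance(d, int) or isinstance(d, bool) or d < 0 for d in shape):
        raise SparseIndexError(f"invalid shape {list(shape)}")
    ndim = len(shape)
    if len(indices) != ndim:
        raise SparseIndexError(
            f"indices have {len(indices)} rows but shape has {ndim} dims")
    nnz = len(values)
    for dim, row in enumerate(indices):
        if len(row) != nnz:
            raise SparseIndexError(
                f"index row {dim} has {len(row)} entries, expected {nnz}")
        for j, idx in enumerate(row):
            if isinstance(idx, bool) or not isinstance(idx, int):
                raise SparseIndexError(
                    f"index[{dim}][{j}] = {idx!r} is not an integer")
            if idx < 0:
                raise SparseIndexError(
                    f"index[{dim}][{j}] = {idx} is negative")
            if idx >= shape[dim]:
                raise SparseIndexError(
                    f"index[{dim}][{j}] = {idx} is out of bounds for dim size {shape[dim]}")


def is_valid_coo(indices, values, shape) -> bool:
    """Boolean form of the check, convenient for request filtering."""
    try:
        validate_coo_indices(indices, values, shape)
    except SparseIndexError:
        return False
    return True


def to_dense_flat(indices, values, shape) -> list:
    """Materialize a validated COO tensor as a flat row-major list.

    Duplicate coordinates accumulate, matching COO semantics. Because
    validation runs first, every computed offset is guaranteed to lie
    inside the buffer.
    """
    validate_coo_indices(indices, values, shape)
    ndim = len(shape)
    # Row-major strides: last dim has stride 1.
    strides = [1] * ndim
    for d in range(ndim - 2, -1, -1):
        strides[d] = strides[d + 1] * shape[d + 1]
    flat = [0.0] * prod(shape)
    for j, val in enumerate(values):
        offset = sum(indices[d][j] * strides[d] for d in range(ndim))
        flat[offset] += val
    return flat


if __name__ == "__main__":
    # Constructed sample: a 2x3 tensor with two non-zeros, then the same
    # request with a negative index and with an index equal to the dim size.
    good = ([[0, 1], [2, 0]], [1.0, 2.0], (2, 3))
    print(to_dense_flat(*good))                      # [0.0, 0.0, 1.0, 2.0, 0.0, 0.0]
    print(is_valid_coo([[0, -1], [2, 0]], [1.0, 2.0], (2, 3)))  # False
    print(is_valid_coo([[0, 1], [3, 0]], [1.0, 2.0], (2, 3)))   # False
```

The shape check and the per-entry checks are deliberately separate so that a rejected request yields a precise reason (which row, which entry, which invariant), which is what you want in server logs when deciding whether malformed embeddings are a client bug or a probe.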
