CVE-2026-54234
Received Received - Intake

Speculative Decoding Engine Crash in vLLM

Vulnerability report for CVE-2026-54234, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-06

Last updated on: 2026-07-06

Assigner: GitHub, Inc.

Description

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, a frontend-legal multi-request speculative decoding workload can cause the rejection sampler to produce a recovered token equal to the model vocabulary size boundary value, which is then converted to negative one when the engine selects the next live token for a request and is written back into the drafter's input ids; that out-of-vocabulary value is later consumed by the model's embedding and attention path and crashes the engine worker with a GPU device-side assertion. The same triggering request sequence is reachable through the public gRPC Generate and Abort endpoints, so a remote client that can send generation requests can crash the shared engine worker, aborting concurrent requests and causing a service-wide denial of service for other clients of the deployment until the worker is restarted. This issue is fixed in version 0.24.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-06
Last Modified
2026-07-06
Generated
2026-07-07
AI Q&A
2026-07-07
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-1284 The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in vLLM, a high-throughput and memory-efficient inference and serving engine for large language models (LLMs). Prior to version 0.24.0, a specific multi-request speculative decoding workload can cause the engine's rejection sampler to produce an invalid token value equal to the model vocabulary size boundary. This invalid token is then converted to negative one when selecting the next token, which is written back into the drafter's input IDs. When this out-of-vocabulary token is later processed by the model's embedding and attention mechanisms, it triggers a GPU device-side assertion failure that crashes the engine worker.

Because the triggering request sequence can be sent through the public gRPC Generate and Abort endpoints, a remote client able to send generation requests can cause the shared engine worker to crash. This aborts concurrent requests and results in a service-wide denial of service until the worker is restarted.

This issue was fixed in version 0.24.0 of vLLM.

Impact Analysis

The vulnerability can be exploited remotely by a client sending specially crafted generation requests to the vLLM engine. This causes the engine worker to crash due to a GPU assertion failure.

As a result, all concurrent requests handled by that worker are aborted, leading to a denial of service (DoS) condition for all users relying on that shared engine worker.

The service remains unavailable until the worker is manually or automatically restarted, potentially causing downtime and disruption of service.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade vLLM to version 0.24.0 or later, where the issue is fixed.

Until the upgrade is applied, be aware that remote clients able to send generation requests via the public gRPC Generate and Abort endpoints can crash the engine worker, causing a denial of service.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54234. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart