CVE-2026-55646
Received Received - Intake

Memory Exhaustion in vLLM Audio Transcription Routes

Vulnerability report for CVE-2026-55646, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-06

Last updated on: 2026-07-06

Assigner: GitHub, Inc.

Description

vLLM is an inference and serving engine for large language models. From 0.22.0 to 0.23.0, the /v1/audio/transcriptions and /v1/audio/translations routes call request.file.read() to fully materialize an uploaded audio file into memory before vLLM checks the documented VLLM_MAX_AUDIO_CLIP_FILESIZE_MB compressed upload size limit (default 25 MB) later in the speech-to-text preprocessing step, so an API caller who can reach those routes can submit an oversized multipart upload and cause vLLM to allocate memory proportional to the uploaded file size before the request is rejected as too large, creating memory pressure or terminating the process depending on deployment resource limits. This issue is fixed in version 0.24.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-06
Last Modified
2026-07-06
Generated
2026-07-07
AI Q&A
2026-07-06
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
vllm_project vllm to 0.23.0 (inc)
vllm_project vllm 0.24.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability CVE-2026-55646 affects the vLLM project versions 0.22.0 to 0.23.0 in the speech-to-text API routes (/v1/audio/transcriptions and /v1/audio/translations). These routes read the entire uploaded audio file into memory before enforcing the documented upload size limit (default 25 MB). This means an attacker can upload an oversized audio file, causing vLLM to allocate memory proportional to the file size before rejecting the request, potentially leading to excessive memory consumption.

This memory allocation can create memory pressure or even terminate the process depending on the deployment's resource limits. The issue was fixed in version 0.24.0 by introducing a chunked read mechanism that enforces the upload size limit early, preventing oversized files from being fully loaded into memory.

Impact Analysis

This vulnerability can impact you by causing memory exhaustion on the system running vLLM. When an attacker uploads an oversized audio file, the system allocates memory proportional to the file size before rejecting it, which can lead to high memory usage.

Such memory pressure can degrade system performance, cause denial of service by exhausting available memory, or even terminate the vLLM process depending on resource limits in place.

Detection Guidance

This vulnerability can be detected by monitoring for unusually large or oversized multipart uploads to the /v1/audio/transcriptions and /v1/audio/translations API routes in vLLM versions 0.22.0 to 0.23.0. Since the issue involves memory allocation proportional to the uploaded file size before size validation, signs of memory pressure or process termination during such uploads may indicate exploitation attempts.

To detect attempts to exploit this vulnerability, you can inspect HTTP request logs for large Content-Length headers or multipart uploads targeting these routes.

Suggested commands include using network monitoring or log analysis tools to filter requests by URL and size, for example:

  • Using grep to find large uploads in logs: grep -E '/v1/audio/(transcriptions|translations)' access.log | awk '$10 > 25000000' # assuming $10 is the Content-Length or size field
  • Using tcpdump or Wireshark to capture and analyze HTTP POST requests to these endpoints and check for large payloads.
  • Monitoring system memory usage spikes correlated with requests to these API routes.
Mitigation Strategies

Immediate mitigation steps include upgrading vLLM to version 0.24.0 or later, where the vulnerability is fixed by enforcing the audio upload size limit before fully reading the file into memory.

If upgrading is not immediately possible, you can mitigate the risk by configuring body-size limits at the reverse proxy or ASGI server layer to reject oversized uploads before they reach the application.

Additionally, monitoring and blocking requests with large Content-Length headers targeting the vulnerable routes can help reduce exploitation attempts.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-55646. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart