vLLM is an inference and serving engine for large language models (LLMs). The SSRF protection fix for CVE-2026-24779 add in 0.15.1 can be bypassed in the load_from_url_async method due to inconsistent URL parsing behavior between the validation layer and the actual HTTP client. The SSRF fix uses urllib3.util.parse_url() to validate and extract the hostname from user-provided URLs.
However, load_from_url_async uses aiohttp for making the actual HTTP requests, and aiohttp internally uses the yarl library for URL parsing. This vulnerability in 0.17.0.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed
Impact Assessment
Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service
CVSS Vector v3.1
Weakness Type (CWE)
Vulnerable Products 1
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Vllm Vllm
cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*
|
0.15.1
|
0.17.0
|
References 4
https://github.com/vllm-project/vllm/commit/6f3b2047abd4a748e3db4a68543f8221358…
security-advisories@github.com
https://github.com/vllm-project/vllm/pull/34743
security-advisories@github.com
https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc
security-advisories@github.com
https://github.com/vllm-project/vllm/security/advisories/GHSA-v359-jj2v-j536
security-advisories@github.com