Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    Related vulnerabilities

    CVE-2026-55574 (GCVE-0-2026-55574)

    Vulnerability from cvelistv5 – Published: 2026-07-06 20:05 – Updated: 2026-07-06 20:52
    VLAI
    Title
    vLLM: ReDoS via structured_outputs.regex compiled without timeout in xgrammar and outlines backends
    Summary
    vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, the structured_outputs.regex API parameter passes a user-supplied regular expression string directly to the grammar compiler backends with no compilation timeout; in the xgrammar backend the string reaches the regex compiler with no guard, and in the outlines backend the validation step blocks structural issues such as lookarounds and backreferences but performs no complexity analysis, so a pattern with nested quantifiers passes all checks and causes exponential state-space expansion, allowing a single request containing an adversarial regex to hang an inference worker indefinitely and deny service. This issue is fixed in version 0.24.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1333 - Inefficient Regular Expression Complexity
    Assigner
    Impacted products
    Vendor Product Version
    vllm-project vllm Affected: < 0.24.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55574",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T20:52:49.859777Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T20:52:57.336Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "vllm",
              "vendor": "vllm-project",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.24.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, the structured_outputs.regex API parameter passes a user-supplied regular expression string directly to the grammar compiler backends with no compilation timeout; in the xgrammar backend the string reaches the regex compiler with no guard, and in the outlines backend the validation step blocks structural issues such as lookarounds and backreferences but performs no complexity analysis, so a pattern with nested quantifiers passes all checks and causes exponential state-space expansion, allowing a single request containing an adversarial regex to hang an inference worker indefinitely and deny service. This issue is fixed in version 0.24.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1333",
                  "description": "CWE-1333: Inefficient Regular Expression Complexity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T20:05:31.003Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rwxx-mrjm-wc2m",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rwxx-mrjm-wc2m"
            },
            {
              "name": "https://github.com/vllm-project/vllm/pull/45118",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/vllm-project/vllm/pull/45118"
            },
            {
              "name": "https://github.com/vllm-project/vllm/commit/2b3006076c5e9bc4cda9e03e3641388de3c5c286",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/vllm-project/vllm/commit/2b3006076c5e9bc4cda9e03e3641388de3c5c286"
            }
          ],
          "source": {
            "advisory": "GHSA-rwxx-mrjm-wc2m",
            "discovery": "UNKNOWN"
          },
          "title": "vLLM: ReDoS via structured_outputs.regex compiled without timeout in xgrammar and outlines backends"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55574",
        "datePublished": "2026-07-06T20:05:31.003Z",
        "dateReserved": "2026-06-16T23:11:20.214Z",
        "dateUpdated": "2026-07-06T20:52:57.336Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    PYSEC-2026-2304

    Vulnerability from pysec - Published: 2026-07-06 21:16 - Updated: 2026-07-13 05:52
    VLAI
    Details

    vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, the structured_outputs.regex API parameter passes a user-supplied regular expression string directly to the grammar compiler backends with no compilation timeout; in the xgrammar backend the string reaches the regex compiler with no guard, and in the outlines backend the validation step blocks structural issues such as lookarounds and backreferences but performs no complexity analysis, so a pattern with nested quantifiers passes all checks and causes exponential state-space expansion, allowing a single request containing an adversarial regex to hang an inference worker indefinitely and deny service. This issue is fixed in version 0.24.0.

    Impacted products
    Name purl
    vllm pkg:pypi/vllm

    {
      "affected": [
        {
          "ecosystem_specific": {},
          "package": {
            "ecosystem": "PyPI",
            "name": "vllm",
            "purl": "pkg:pypi/vllm"
          },
          "ranges": [
            {
              "events": [
                {
                  "introduced": "0"
                },
                {
                  "fixed": "0.24.0"
                }
              ],
              "type": "ECOSYSTEM"
            }
          ],
          "versions": [
            "0.0.1",
            "0.1.0",
            "0.1.1",
            "0.1.2",
            "0.1.3",
            "0.1.4",
            "0.1.5",
            "0.1.6",
            "0.1.7",
            "0.10.0",
            "0.10.1",
            "0.10.1.1",
            "0.10.2",
            "0.11.0",
            "0.11.1",
            "0.11.2",
            "0.12.0",
            "0.13.0",
            "0.14.0",
            "0.14.1",
            "0.15.0",
            "0.15.1",
            "0.16.0",
            "0.17.0",
            "0.17.1",
            "0.18.0",
            "0.18.1",
            "0.19.0",
            "0.19.1",
            "0.2.0",
            "0.2.1",
            "0.2.1.post1",
            "0.2.2",
            "0.2.3",
            "0.2.4",
            "0.2.5",
            "0.2.6",
            "0.2.7",
            "0.20.0",
            "0.20.1",
            "0.20.2",
            "0.21.0",
            "0.22.0",
            "0.22.1",
            "0.23.0",
            "0.3.0",
            "0.3.1",
            "0.3.2",
            "0.3.3",
            "0.4.0",
            "0.4.0.post1",
            "0.4.1",
            "0.4.2",
            "0.4.3",
            "0.5.0",
            "0.5.0.post1",
            "0.5.1",
            "0.5.2",
            "0.5.3",
            "0.5.3.post1",
            "0.5.4",
            "0.5.5",
            "0.6.0",
            "0.6.1",
            "0.6.1.post1",
            "0.6.1.post2",
            "0.6.2",
            "0.6.3",
            "0.6.3.post1",
            "0.6.4",
            "0.6.4.post1",
            "0.6.5",
            "0.6.6",
            "0.6.6.post1",
            "0.7.0",
            "0.7.1",
            "0.7.2",
            "0.7.3",
            "0.8.0",
            "0.8.1",
            "0.8.2",
            "0.8.3",
            "0.8.4",
            "0.8.5",
            "0.8.5.post1",
            "0.9.0",
            "0.9.0.1",
            "0.9.1",
            "0.9.2"
          ]
        }
      ],
      "aliases": [
        "CVE-2026-55574",
        "GHSA-rwxx-mrjm-wc2m"
      ],
      "details": "vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, the structured_outputs.regex API parameter passes a user-supplied regular expression string directly to the grammar compiler backends with no compilation timeout; in the xgrammar backend the string reaches the regex compiler with no guard, and in the outlines backend the validation step blocks structural issues such as lookarounds and backreferences but performs no complexity analysis, so a pattern with nested quantifiers passes all checks and causes exponential state-space expansion, allowing a single request containing an adversarial regex to hang an inference worker indefinitely and deny service. This issue is fixed in version 0.24.0.",
      "id": "PYSEC-2026-2304",
      "modified": "2026-07-13T05:52:25.846300Z",
      "published": "2026-07-06T21:16:57.347Z",
      "references": [
        {
          "type": "ADVISORY",
          "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rwxx-mrjm-wc2m"
        },
        {
          "type": "FIX",
          "url": "https://github.com/vllm-project/vllm/commit/2b3006076c5e9bc4cda9e03e3641388de3c5c286"
        },
        {
          "type": "FIX",
          "url": "https://github.com/vllm-project/vllm/pull/45118"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "type": "CVSS_V3"
        }
      ]
    }