Vulnerability-Lookup

CVE-2026-12491 (GCVE-0-2026-12491)

Vulnerability from cvelistv5 – Published: 2026-06-17 10:07 – Updated: 2026-06-17 14:47

Title

Vllm: vllm: image exif rotation & png trns transparency not normalized, causing mismatch between model input and expectations

Summary

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency (tRNS) data, during image processing. When images are converted to RGB, transparency information may be implicitly discarded or remapped, leading to unexpected rendering of transparent pixels and distortion of input content. This can result in the model misinterpreting image content, potentially affecting the integrity of processed data.

Severity

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-115 - Misinterpretation of Input

Assigner

redhat

References

2 references

URL	Tags
https://access.redhat.com/security/cve/CVE-2026-12491	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2489786	issue-trackingx_refsource_REDHAT

Impacted products

3 products

Vendor	Product	Version
Red Hat	Red Hat AI Inference Server	cpe:/a:redhat:ai_inference_server:3
Red Hat	Red Hat Enterprise Linux AI (RHEL AI) 3	cpe:/a:redhat:enterprise_linux_ai:3
Red Hat	Red Hat OpenShift AI (RHOAI)	cpe:/a:redhat:openshift_ai

Date Public

2026-06-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-12491",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-17T14:47:47.319727Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-17T14:47:57.047Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/vllm-cpu-rhel9",
          "product": "Red Hat AI Inference Server",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/vllm-cuda-rhel9",
          "product": "Red Hat AI Inference Server",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/vllm-neuron-rhel9",
          "product": "Red Hat AI Inference Server",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/vllm-rocm-rhel9",
          "product": "Red Hat AI Inference Server",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/vllm-spyre-rhel9",
          "product": "Red Hat AI Inference Server",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/vllm-tpu-rhel9",
          "product": "Red Hat AI Inference Server",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaii/vllm-cpu-rhel9",
          "product": "Red Hat AI Inference Server",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaii/vllm-cuda-rhel9",
          "product": "Red Hat AI Inference Server",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaii/vllm-gaudi-rhel9",
          "product": "Red Hat AI Inference Server",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaii/vllm-neuron-rhel9",
          "product": "Red Hat AI Inference Server",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaii/vllm-rocm-rhel9",
          "product": "Red Hat AI Inference Server",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaii/vllm-spyre-rhel9",
          "product": "Red Hat AI Inference Server",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaii/vllm-tpu-rhel9",
          "product": "Red Hat AI Inference Server",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux_ai:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhelai3/bootc-aws-cuda-rhel9",
          "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux_ai:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhelai3/bootc-azure-cuda-rhel9",
          "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux_ai:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhelai3/bootc-azure-rocm-rhel9",
          "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux_ai:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhelai3/bootc-cuda-rhel9",
          "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux_ai:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhelai3/bootc-gaudi-rhel9",
          "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux_ai:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhelai3/bootc-gcp-cuda-rhel9",
          "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux_ai:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhelai3/bootc-rocm-rhel9",
          "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_ai"
          ],
          "defaultStatus": "affected",
          "packageName": "rhoai/odh-kserve-agent-rhel9",
          "product": "Red Hat OpenShift AI (RHOAI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_ai"
          ],
          "defaultStatus": "affected",
          "packageName": "rhoai/odh-kserve-controller-rhel9",
          "product": "Red Hat OpenShift AI (RHOAI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_ai"
          ],
          "defaultStatus": "affected",
          "packageName": "rhoai/odh-kserve-router-rhel9",
          "product": "Red Hat OpenShift AI (RHOAI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_ai"
          ],
          "defaultStatus": "affected",
          "packageName": "rhoai/odh-kserve-storage-initializer-rhel9",
          "product": "Red Hat OpenShift AI (RHOAI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_ai"
          ],
          "defaultStatus": "affected",
          "packageName": "rhoai/odh-llm-d-kv-cache-rhel9",
          "product": "Red Hat OpenShift AI (RHOAI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_ai"
          ],
          "defaultStatus": "affected",
          "packageName": "rhoai/odh-vllm-cuda-rhel9",
          "product": "Red Hat OpenShift AI (RHOAI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_ai"
          ],
          "defaultStatus": "affected",
          "packageName": "rhoai/odh-vllm-gaudi-rhel9",
          "product": "Red Hat OpenShift AI (RHOAI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_ai"
          ],
          "defaultStatus": "affected",
          "packageName": "rhoai/odh-vllm-rocm-rhel9",
          "product": "Red Hat OpenShift AI (RHOAI)",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2026-06-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency (tRNS) data, during image processing. When images are converted to RGB, transparency information may be implicitly discarded or remapped, leading to unexpected rendering of transparent pixels and distortion of input content. This can result in the model misinterpreting image content, potentially affecting the integrity of processed data."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-115",
              "description": "Misinterpretation of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-17T10:07:28.756Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-12491"
        },
        {
          "name": "RHBZ#2489786",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489786"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-06-17T07:56:27.368Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-06-10T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Vllm: vllm: image exif rotation \u0026 png trns transparency not normalized, causing mismatch between model input and expectations",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-115: Misinterpretation of Input"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-12491",
    "datePublished": "2026-06-17T10:07:28.756Z",
    "dateReserved": "2026-06-17T07:24:01.437Z",
    "dateUpdated": "2026-06-17T14:47:57.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-12491",
      "date": "2026-06-18",
      "epss": "0.00239",
      "percentile": "0.14749"
    },
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Vllm: vllm: image exif rotation \u0026 png trns transparency not normalized, causing mismatch between model input and expectations\", \"metrics\": [{\"other\": {\"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}, \"type\": \"Red Hat severity rating\"}}, {\"cvssV3_1\": {\"attackComplexity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"LOW\", \"baseScore\": 4.8, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\", \"version\": \"3.1\"}, \"format\": \"CVSS\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency (tRNS) data, during image processing. When images are converted to RGB, transparency information may be implicitly discarded or remapped, leading to unexpected rendering of transparent pixels and distortion of input content. This can result in the model misinterpreting image content, potentially affecting the integrity of processed data.\"}], \"affected\": [{\"vendor\": \"Red Hat\", \"product\": \"Red Hat AI Inference Server\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhaiis/vllm-cpu-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:ai_inference_server:3\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat AI Inference Server\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhaiis/vllm-cuda-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:ai_inference_server:3\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat AI Inference Server\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhaiis/vllm-neuron-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:ai_inference_server:3\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat AI Inference Server\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhaiis/vllm-rocm-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:ai_inference_server:3\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat AI Inference Server\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhaiis/vllm-spyre-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:ai_inference_server:3\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat AI Inference Server\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhaiis/vllm-tpu-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:ai_inference_server:3\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat AI Inference Server\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhaii/vllm-cpu-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:ai_inference_server:3\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat AI Inference Server\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhaii/vllm-cuda-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:ai_inference_server:3\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat AI Inference Server\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhaii/vllm-gaudi-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:ai_inference_server:3\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat AI Inference Server\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhaii/vllm-neuron-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:ai_inference_server:3\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat AI Inference Server\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhaii/vllm-rocm-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:ai_inference_server:3\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat AI Inference Server\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhaii/vllm-spyre-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:ai_inference_server:3\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat AI Inference Server\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhaii/vllm-tpu-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:ai_inference_server:3\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AI (RHEL AI) 3\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhelai3/bootc-aws-cuda-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:enterprise_linux_ai:3\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AI (RHEL AI) 3\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhelai3/bootc-azure-cuda-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:enterprise_linux_ai:3\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AI (RHEL AI) 3\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhelai3/bootc-azure-rocm-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:enterprise_linux_ai:3\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AI (RHEL AI) 3\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhelai3/bootc-cuda-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:enterprise_linux_ai:3\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AI (RHEL AI) 3\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhelai3/bootc-gaudi-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:enterprise_linux_ai:3\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AI (RHEL AI) 3\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhelai3/bootc-gcp-cuda-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:enterprise_linux_ai:3\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AI (RHEL AI) 3\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhelai3/bootc-rocm-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:enterprise_linux_ai:3\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhoai/odh-kserve-agent-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:openshift_ai\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhoai/odh-kserve-controller-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:openshift_ai\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhoai/odh-kserve-router-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:openshift_ai\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhoai/odh-kserve-storage-initializer-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:openshift_ai\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhoai/odh-llm-d-kv-cache-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:openshift_ai\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhoai/odh-vllm-cuda-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:openshift_ai\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhoai/odh-vllm-gaudi-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:openshift_ai\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"rhoai/odh-vllm-rocm-rhel9\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:openshift_ai\"]}], \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-12491\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2489786\", \"name\": \"RHBZ#2489786\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}], \"datePublic\": \"2026-06-10T00:00:00.000Z\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-115\", \"description\": \"Misinterpretation of Input\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"x_redhatCweChain\": \"CWE-115: Misinterpretation of Input\", \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-06-17T07:56:27.368Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-06-10T00:00:00.000Z\", \"value\": \"Made public.\"}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2026-06-17T10:07:28.756Z\"}, \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-12491\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-17T14:47:47.319727Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-17T14:47:54.334Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-12491\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"redhat\", \"dateReserved\": \"2026-06-17T07:24:01.437Z\", \"datePublished\": \"2026-06-17T10:07:28.756Z\", \"dateUpdated\": \"2026-06-17T14:47:57.047Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2026-12491

Vulnerability from fkie_nvd - Published: 2026-06-17 13:20 - Updated: 2026-06-17 16:14

Severity

4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

Summary

References

	URL	Tags
	secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2026-12491
	secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2489786

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/vllm-cpu-rhel9",
          "product": "Red Hat AI Inference Server",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/vllm-cuda-rhel9",
          "product": "Red Hat AI Inference Server",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/vllm-neuron-rhel9",
          "product": "Red Hat AI Inference Server",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/vllm-rocm-rhel9",
          "product": "Red Hat AI Inference Server",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/vllm-spyre-rhel9",
          "product": "Red Hat AI Inference Server",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/vllm-tpu-rhel9",
          "product": "Red Hat AI Inference Server",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaii/vllm-cpu-rhel9",
          "product": "Red Hat AI Inference Server",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaii/vllm-cuda-rhel9",
          "product": "Red Hat AI Inference Server",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaii/vllm-gaudi-rhel9",
          "product": "Red Hat AI Inference Server",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaii/vllm-neuron-rhel9",
          "product": "Red Hat AI Inference Server",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaii/vllm-rocm-rhel9",
          "product": "Red Hat AI Inference Server",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaii/vllm-spyre-rhel9",
          "product": "Red Hat AI Inference Server",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaii/vllm-tpu-rhel9",
          "product": "Red Hat AI Inference Server",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux_ai:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhelai3/bootc-aws-cuda-rhel9",
          "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux_ai:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhelai3/bootc-azure-cuda-rhel9",
          "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux_ai:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhelai3/bootc-azure-rocm-rhel9",
          "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux_ai:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhelai3/bootc-cuda-rhel9",
          "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux_ai:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhelai3/bootc-gaudi-rhel9",
          "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux_ai:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhelai3/bootc-gcp-cuda-rhel9",
          "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux_ai:3"
          ],
          "defaultStatus": "affected",
          "packageName": "rhelai3/bootc-rocm-rhel9",
          "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_ai"
          ],
          "defaultStatus": "affected",
          "packageName": "rhoai/odh-kserve-agent-rhel9",
          "product": "Red Hat OpenShift AI (RHOAI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_ai"
          ],
          "defaultStatus": "affected",
          "packageName": "rhoai/odh-kserve-controller-rhel9",
          "product": "Red Hat OpenShift AI (RHOAI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_ai"
          ],
          "defaultStatus": "affected",
          "packageName": "rhoai/odh-kserve-router-rhel9",
          "product": "Red Hat OpenShift AI (RHOAI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_ai"
          ],
          "defaultStatus": "affected",
          "packageName": "rhoai/odh-kserve-storage-initializer-rhel9",
          "product": "Red Hat OpenShift AI (RHOAI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_ai"
          ],
          "defaultStatus": "affected",
          "packageName": "rhoai/odh-llm-d-kv-cache-rhel9",
          "product": "Red Hat OpenShift AI (RHOAI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_ai"
          ],
          "defaultStatus": "affected",
          "packageName": "rhoai/odh-vllm-cuda-rhel9",
          "product": "Red Hat OpenShift AI (RHOAI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_ai"
          ],
          "defaultStatus": "affected",
          "packageName": "rhoai/odh-vllm-gaudi-rhel9",
          "product": "Red Hat OpenShift AI (RHOAI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_ai"
          ],
          "defaultStatus": "affected",
          "packageName": "rhoai/odh-vllm-rocm-rhel9",
          "product": "Red Hat OpenShift AI (RHOAI)",
          "vendor": "Red Hat"
        }
      ],
      "source": "secalert@redhat.com"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency (tRNS) data, during image processing. When images are converted to RGB, transparency information may be implicitly discarded or remapped, leading to unexpected rendering of transparent pixels and distortion of input content. This can result in the model misinterpreting image content, potentially affecting the integrity of processed data."
    }
  ],
  "id": "CVE-2026-12491",
  "lastModified": "2026-06-17T16:14:51.680",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 2.5,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2026-12491",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "partial"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2026-06-17T14:47:47.319727Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2026-06-17T13:20:04.323",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12491"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489786"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-115"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}

GHSA-8JR5-V98P-W75M

Vulnerability from github – Published: 2026-06-17 14:02 – Updated: 2026-06-18 14:31

Summary

vLLM: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations

Details

Summary

Issue 1: EXIF orientation not normalized → The image orientation processed by the model differs from how humans view it, introducing interpretation bias.

Issue 2: PNG tRNS not explicitly flattened before converting to RGB → After conversion, transparent/semi-transparent pixels are rendered unexpectedly, making otherwise subtle overlay elements visible and distorting the input content. (This attack is similar to AlphaDog: RGBA handling is already correct in vLLM, but since tRNS permits RGB images, the correct processing path isn’t taken.)

Issue 3 : Pillow only loads the first frame when loading APNG or GIF files.

Root Cause

Rotation: After opening an image, ImageOps.exif_transpose is not called to normalize EXIF orientation.
Transparency: Only RGBA→RGB is flattened with a background; PNGs carrying tRNS in P/L/RGB + tRNS and other non-RGBA modes take the image.convert("RGB") path, which implicitly discards/remaps transparency semantics.

Affected Code

https://github.com/vllm-project/vllm/blob/16b37f3119918c1e5a39f303e0d0892c65c07a90/vllm/multimodal/image.py#L77-L84

https://github.com/vllm-project/vllm/blob/16b37f3119918c1e5a39f303e0d0892c65c07a90/vllm/multimodal/image.py#L37-L43

https://github.com/vllm-project/vllm/blob/16b37f3119918c1e5a39f303e0d0892c65c07a90/vllm/multimodal/image.py#L26-L34

Current state: ImageOps.exif_transpose is not used. (Although the rescale_image_size function (https://github.com/vllm-project/vllm/blob/main/vllm/multimodal/image.py#L14) exists and includes a transpose parameter, I’ve found that it doesn’t seem to be called anywhere outside the test directory.）

Call order: _convert_image_mode runs first; if the conditions are met, convert_image_mode is called.

Issue: Only the “RGBA → RGB” path is explicitly flattened. P, L, or RGB with tRNS all fall back to image.convert("RGB"). For PNGs that include tRNS, convert("RGB") directly produces 24-bit RGB, leading to:

P mode: The transparent index becomes an actual RGB color (often black, white, or an undefined background), so transparency is lost.

L/LA and RGB + tRNS: convert("RGB") doesn’t composite against a chosen background first, so elements that relied on transparency to be hidden or softened become solid.

Impact & Scope

Impact: Pixels the model sees can diverge from operator expectations (due to orientation or transparency handling), potentially altering downstream reasoning.
Scope: The image I/O and mode-conversion paths in vllm/multimodal/image.py. The existing RGBA→RGB flattening is correct; the issues center on missing EXIF normalization and non-RGBA tRNS not being explicitly composited.

Case

EXIF： http://qiniu.funxingzuo.top/exif_orient_180.jpg tRNS: http://qiniu.funxingzuo.top/hello.png

Fix

A fix for this vulnerability was merged here: https://github.com/vllm-project/vllm/pull/44974

Severity

4.8 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "vllm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.11.0"
            },
            {
              "last_affected": "0.23.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-12491"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-436"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-17T14:02:42Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nIssue 1: EXIF orientation not normalized \u2192 The image orientation processed by the model differs from how humans view it, introducing interpretation bias.\n\nIssue 2: PNG tRNS not explicitly flattened before converting to RGB \u2192 After conversion, transparent/semi-transparent pixels are rendered unexpectedly, making otherwise subtle overlay elements visible and distorting the input content. (This attack is similar to AlphaDog: RGBA handling is already correct in vLLM, but since tRNS permits RGB images, the correct processing path isn\u2019t taken.)\n\nIssue 3 : Pillow only loads the first frame when loading APNG or GIF files.\n\n---\n\n## Root Cause\n\n* **Rotation**: After opening an image, `ImageOps.exif_transpose` is not called to normalize EXIF orientation.\n* **Transparency**: Only **RGBA\u2192RGB** is flattened with a background; PNGs carrying **`tRNS`** in **`P`/`L`/`RGB + tRNS`** and other non-RGBA modes take the `image.convert(\"RGB\")` path, which implicitly discards/remaps transparency semantics.\n\n---\n\n## Affected Code\n\n\nhttps://github.com/vllm-project/vllm/blob/16b37f3119918c1e5a39f303e0d0892c65c07a90/vllm/multimodal/image.py#L77-L84\n\nhttps://github.com/vllm-project/vllm/blob/16b37f3119918c1e5a39f303e0d0892c65c07a90/vllm/multimodal/image.py#L37-L43\n\nhttps://github.com/vllm-project/vllm/blob/16b37f3119918c1e5a39f303e0d0892c65c07a90/vllm/multimodal/image.py#L26-L34\n\u003e Current state: `ImageOps.exif_transpose` is not used. (Although the `rescale_image_size` function ([https://github.com/vllm-project/vllm/blob/main/vllm/multimodal/image.py#L14](https://github.com/vllm-project/vllm/blob/main/vllm/multimodal/image.py#L14)) exists and includes a `transpose` parameter, I\u2019ve found that it doesn\u2019t seem to be called anywhere outside the `test` directory.\uff09\n\n\u003e **Call order**: `_convert_image_mode` runs first; if the conditions are met, `convert_image_mode` is called.\n\u003e \n\u003e **Issue**: Only the \u201cRGBA \u2192 RGB\u201d path is explicitly flattened. `P`, `L`, or `RGB` with `tRNS` all fall back to `image.convert(\"RGB\")`. For PNGs that include `tRNS`, `convert(\"RGB\")` directly produces 24-bit RGB, leading to:\n\u003e \n\u003e * **`P` mode**: The transparent index becomes an actual RGB color (often black, white, or an undefined background), so transparency is lost.\n\u003e * **`L/LA` and `RGB + tRNS`**: `convert(\"RGB\")` doesn\u2019t composite against a chosen background first, so elements that relied on transparency to be hidden or softened become solid.\n\n\n## Impact \u0026 Scope\n\n* **Impact**: Pixels the model sees can diverge from operator expectations (due to orientation or transparency handling), potentially altering downstream reasoning.\n* **Scope**: The image I/O and mode-conversion paths in `vllm/multimodal/image.py`. The existing **RGBA\u2192RGB** flattening is correct; the issues center on **missing EXIF normalization** and **non-RGBA `tRNS` not being explicitly composited**.\n\n## Case\nEXIF\uff1a http://qiniu.funxingzuo.top/exif_orient_180.jpg\ntRNS:  http://qiniu.funxingzuo.top/hello.png\n\n## Fix\n\nA fix for this vulnerability was merged here: https://github.com/vllm-project/vllm/pull/44974",
  "id": "GHSA-8jr5-v98p-w75m",
  "modified": "2026-06-18T14:31:43Z",
  "published": "2026-06-17T14:02:42Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8jr5-v98p-w75m"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12491"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vllm-project/vllm/pull/44974"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vllm-project/vllm/commit/cf1c90672404548aa3bc51f92c4745576a65ee26"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12491"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489786"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vllm-project/vllm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "vLLM: image EXIF Rotation \u0026 PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations"
}

GHSA-X8XR-MJ9X-6H7W

Vulnerability from github – Published: 2026-06-17 18:35 – Updated: 2026-06-18 14:31

Summary

Duplicate Advisory: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations

Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-8jr5-v98p-w75m. This link is maintained to preserve external references.

Original Description

Severity

4.8 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "vllm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.11.0"
            },
            {
              "last_affected": "0.23.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-115"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-18T14:31:36Z",
    "nvd_published_at": "2026-06-17T13:20:04Z",
    "severity": "MODERATE"
  },
  "details": "## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of\u00a0GHSA-8jr5-v98p-w75m. This link is maintained to preserve external references.\n\n## Original Description\nA flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency (tRNS) data, during image processing. When images are converted to RGB, transparency information may be implicitly discarded or remapped, leading to unexpected rendering of transparent pixels and distortion of input content. This can result in the model misinterpreting image content, potentially affecting the integrity of processed data.",
  "id": "GHSA-x8xr-mj9x-6h7w",
  "modified": "2026-06-18T14:31:36Z",
  "published": "2026-06-17T18:35:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12491"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12491"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489786"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Duplicate Advisory: image EXIF Rotation \u0026 PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations",
  "withdrawn": "2026-06-18T14:31:36Z"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-12491 (GCVE-0-2026-12491)

FKIE_CVE-2026-12491

GHSA-8JR5-V98P-W75M

Summary

Root Cause

Affected Code

Impact & Scope

Case

Fix

GHSA-X8XR-MJ9X-6H7W

Duplicate Advisory

Original Description

Tags

Sightings

Nomenclature