vLLM Patches Two New DoS CVEs in v0.24.0 — Audio Memory Exhaustion and Regex ReDoS
AI relevance: vLLM is one of the most widely deployed LLM inference engines — these CVEs let unauthenticated attackers crash or hang serving instances, directly impacting availability of any production AI workload running affected versions.
What was found
- CVE-2026-55646 (CVSS 6.5): The
/v1/audio/transcriptionsand/v1/audio/translationsroutes callrequest.file.read()to fully materialize an uploaded audio file into memory before checking the documentedVLLM_MAX_AUDIO_CLIP_FILESIZE_MBlimit (default 25 MB). - An API caller can submit an oversized multipart upload and force vLLM to allocate memory proportional to the full file size before the request is rejected.
- Depending on deployment resource limits, this causes memory pressure or outright process termination — a textbook uncontrolled resource consumption bug (CWE-400, CWE-770).
- Affects vLLM 0.22.0 through 0.23.0. Fixed in 0.24.0.
Regex ReDoS via structured outputs
- CVE-2026-55574 (CVSS 7.5–8.7): The
structured_outputs.regexAPI parameter passes user-supplied regex strings directly to grammar compiler backends with no compilation timeout or complexity analysis. - In the xgrammar backend, regex strings reach the compiler with zero guards. In outlines, structural issues like lookarounds are blocked but nested quantifiers pass validation and cause exponential state-space expansion.
- A single request containing an adversarial regex pattern can hang an inference worker indefinitely — denying service to all concurrent users of that worker.
- Also fixed in vLLM 0.24.0.
Why it matters
Both vulnerabilities are remotely exploitable without authentication. Any internet-facing vLLM instance running speech-to-text routes or exposing the structured outputs API is at risk. The regex CVE is particularly insidious because it targets the grammar compilation path — a component most operators wouldn't think to monitor for resource exhaustion. Combined, these bugs mean an attacker can take down inference workers through two completely independent vectors.
What to do
- Upgrade vLLM to 0.24.0 or later immediately.
- If you cannot upgrade, add a reverse-proxy limit on upload body size for audio endpoints (well below your memory ceiling).
- For the regex CVE: implement input validation and complexity analysis on user-supplied regex patterns before they reach the grammar compiler, or add a compilation timeout as defense-in-depth.
- Monitor vLLM worker memory usage and set OOM alerts — sudden spikes may indicate active exploitation attempts.