CVE

CVE-2026-25960

SSRF Protection Bypass in vLLM

vLLM is an inference and serving engine for large language models (LLMs). The SSRF protection fix for CVE-2026-24779, added in 0.15.1, can be bypassed in the load_from_url_async method because the validation layer and the HTTP client parse URLs differently. The fix uses urllib3.util.parse_url() to validate and extract the hostname from a user-provided URL, but load_from_url_async makes the actual request with aiohttp, which parses the URL internally with the yarl library. A URL that the two parsers read differently can therefore pass the hostname check against one host and be sent to another. This vulnerability is fixed in 0.17.0.
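The defensive pattern for this class of bug is to validate the host the client will actually connect to, and to fail closed whenever the validation-side parser and the client-side parser disagree. The block below is a constructed example of that pattern and is not vLLM's code or its fix. The client parser is injected as a function so the block runs offline; in an aiohttp caller it would be lambda u: yarl.URL(u).host, and a urllib3-based validator would use urllib3.util.parse_url(u).host. The resolver is also injectable so no DNS lookup is needed, and constructed_backslash_parser is a made-up parser that only illustrates how the disagreement check fires; it does not model yarl's real behaviour or the actual bypass.

```python
import ipaddress
import socket
from typing import Callable, List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed example for the parser-mismatch class described above; not vLLM's
# code. Parser and resolver are injected so the block runs offline.

BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16",            # link-local, includes cloud metadata endpoints
    "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]


class SSRFBlocked(ValueError):
    """The URL must not be fetched."""


def is_blocked_address(ip: str) -> bool:
    """True if ip (v4, v6, or v4-mapped v6) lies in a blocked range."""
    addr = ipaddress.ip_address(ip)
    mapped = getattr(addr, "ipv4_mapped", None)   # ::ffff:10.0.0.1 -> 10.0.0.1
    if mapped is not None:
        addr = mapped
    return any(addr in net for net in BLOCKED_NETWORKS)


def default_resolver(host: str) -> List[str]:
    """Every address the host resolves to; all of them must be allowed."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def stdlib_host(url: str) -> Optional[str]:
    """Host as the validation-side parser (urllib.parse here) reads it."""
    return urlsplit(url).hostname


def safe_target(url: str,
                client_host: Callable[[str], Optional[str]],
                resolver: Callable[[str], List[str]] = default_resolver
                ) -> Tuple[str, str]:
    """Return (scheme, host) the request will go to, or raise SSRFBlocked.

    client_host is the host extraction of the parser the HTTP client itself
    uses. If it disagrees with the validation-side parser the URL is rejected:
    a URL two parsers read differently is exactly one that can pass a check
    against one host and be sent to another.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise SSRFBlocked(f"scheme {parts.scheme!r} not allowed")
    host = parts.hostname
    if not host:
        raise SSRFBlocked("URL has no host")
    seen_by_client = client_host(url)
    if not seen_by_client or seen_by_client.lower() != host.lower():
        raise SSRFBlocked(
            f"parser disagreement: validator={host!r} client={seen_by_client!r}")
    try:                                   # literal IPs never touch DNS
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:
        addrs = resolver(host)
    for ip in addrs:
        if is_blocked_address(ip):
            raise SSRFBlocked(f"{host} resolves to blocked address {ip}")
    return parts.scheme, host


def is_rejected(url: str,
                client_host: Callable[[str], Optional[str]] = stdlib_host,
                resolver: Callable[[str], List[str]] = default_resolver) -> bool:
    """True if safe_target refuses the URL."""
    try:
        safe_target(url, client_host, resolver)
    except SSRFBlocked:
        return True
    return False


def constructed_backslash_parser(url: str) -> Optional[str]:
    """Constructed stand-in for a client parser that ends the authority at the
    first backslash, unlike urllib.parse. Not yarl's behaviour; it exists only
    to show the disagreement check firing."""
    authority = url.split("://", 1)[-1].split("/", 1)[0].split("\\", 1)[0]
    return authority.rsplit("@", 1)[-1].split(":", 1)[0].lower() or None
```

With the stdlib parser on both sides, a literal metadata address, an IPv4-mapped IPv6 form of it, and a hostname that resolves into a private range are all refused. With the constructed client parser, a URL whose validator-side host is public but whose client-side host is the metadata address is refused on the disagreement alone, before any resolution happens, which is the fail-closed behaviour a single-parser check cannot provide.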

CVSS

Severity: High
Base Score: 7.1
CVSS Version: 3.1
Score Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

References

https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25960.json
https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc
https://github.com/vllm-project/vllm/security/advisories/GHSA-v359-jj2v-j536
https://nvd.nist.gov/vuln/detail/CVE-2026-25960
https://github.com/vllm-project/vllm/commit/6f3b2047abd4a748e3db4a68543f8221358002c0
https://github.com/vllm-project/vllm/pull/34743

Basic Information

Base CVSS: 7.1
EPSS Probability: 0.00028%
EPSS Percentile: 0.07963%
Introduced Version (commit): 1892993bc18e243e2c05841314c5e9c06a80c70d
Fix Available (commit): b31e9326a7d9394aab8c767f8ebe225c65594b60
