Unbounded Frame Count in video/jpeg Base64 Data URL Processing Leads to OOM DoS in vllm-project/vllm
Summary
| CVE | CVE-2026-5497 |
|---|---|
| State | PUBLISHED |
| Assigner | @huntr_ai |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-11 10:16:21 UTC |
| Updated | 2026-07-03 13:17:30 UTC |
| Description | vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame count processing in the `VideoMediaIO.load_base64()` method. When processing `video/jpeg` data URLs, the method splits the base64 data string on commas to extract individual JPEG frames without enforcing a frame count limit. An attacker can exploit this by crafting a single API request containing thousands of comma-separated base64-encoded JPEG frames in a data URL, causing the server to decode all frames into memory and crash due to excessive memory consumption. This vulnerability is reachable via the OpenAI-compatible chat completions API and does not require authentication. |
Risk And Classification
Primary CVSS: v3.1 7.5 HIGH from ADP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.005970000 probability, percentile 0.442170000 (date 2026-07-02)
Problem Types: CWE-400 | CWE-770 | CWE-400 CWE-400 Uncontrolled Resource Consumption | CWE-770 Allocation of Resources Without Limits or Throttling
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | ADP | CVSS | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 3.1 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | Secondary | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 3.0 | [email protected] | Secondary | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 3.0 | CNA | DECLARED | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
NoneIntegrity
NoneAvailability
HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v3.0 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
NoneIntegrity
NoneAvailability
HighCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Vllm-project | Vllm-project/vllm | affected unspecified 0.19.0 custom | Not specified |
| ADP | Red Hat | Red Hat AI Inference Server | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux AI RHEL AI 3 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift AI RHOAI | Not specified | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| bugzilla.redhat.com/show_bug.cgi | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | bugzilla.redhat.com | |
| security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5497.json | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | security.access.redhat.com | |
| huntr.com/bounties/7bd92629-b396-4449-8f88-6c0092530eb4 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | huntr.com | Exploit, Third Party Advisory |
| access.redhat.com/security/cve/CVE-2026-5497 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| github.com/vllm-project/vllm/commit/58ee61422169ce17e08248f8efa1e9df434f... | [email protected] | github.com | Patch |
| access.redhat.com/errata/RHSA-2026:33524 | MITRE | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:33531 | MITRE | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| ADP | 2026-06-11T10:00:52.827Z | Reported to Red Hat. |
| ADP | 2026-06-11T08:31:18.953Z | Made public. |
Workarounds
ADP: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
There are currently no legacy QID mappings associated with this CVE.