EXECUTIVE SUMMARY:
CVE-2026-41523 (CVSS score 7.5) is a vulnerability in the vLLM package that allows an attacker to bypass a security check in the activation function loading process, potentially leading to arbitrary code execution on the server. The flaw occurs because the check is an assert statement, which is removed when Python runs in optimized mode; with the check gone, an attacker-controlled function_name from a malicious Hugging Face model's config.json file is passed to an unrestricted import mechanism. An attacker can exploit this by publishing a malicious model and convincing a victim to load it while vLLM is running in optimized mode, gaining the ability to execute arbitrary code with the privileges of the vLLM process. Successful exploitation may result in system compromise, unauthorized access, data breaches, and service disruption. The attack requires the victim to load a malicious model, run vLLM in optimized mode, and use a cross-encoder architecture.
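The failure mode described above, shown as an added example that is not vLLM's code: the same assert-guarded loader is compiled at optimization level 0 and level 1 (the equivalent of `python -O`) and compared with a loader that uses an explicit check. The allowlist, the function names and the harmless `os.getcwd` stand-in for a value read from config.json are assumptions made for illustration.

```python
import importlib

# Constructed stand-ins for permitted activation functions (assumption, not vLLM's list).
ALLOWED = frozenset({"math.tanh", "math.erf"})

def _import_dotted(name):
    """Unrestricted resolver: imports whatever dotted path it is given."""
    module, _, attr = name.rpartition(".")
    return getattr(importlib.import_module(module), attr)

# Hypothetical loader whose only protection is an assert, kept as source so
# it can be compiled at a chosen optimization level below.
ASSERT_LOADER_SRC = '''
def load_activation(function_name):
    assert function_name in ALLOWED, "activation not permitted"
    return _import_dotted(function_name)
'''

def build_assert_loader(optimize):
    """Compile the loader as `python` (0) or `python -O` (1) would."""
    ns = {"ALLOWED": ALLOWED, "_import_dotted": _import_dotted}
    code = compile(ASSERT_LOADER_SRC, "<assert_loader>", "exec", optimize=optimize)
    exec(code, ns)
    return ns["load_activation"]

def load_activation_hardened(function_name):
    """Explicit check: raises at every optimization level."""
    if not isinstance(function_name, str) or function_name not in ALLOWED:
        raise ValueError(f"activation not permitted: {function_name!r}")
    return _import_dotted(function_name)

def is_rejected(loader, function_name):
    """True if the loader refuses the name, False if it resolves it."""
    try:
        loader(function_name)
    except (AssertionError, ValueError):
        return True
    return False

# Constructed, harmless value standing in for a name read from config.json.
UNTRUSTED_NAME = "os.getcwd"

if __name__ == "__main__":
    for level in (0, 1):
        print("assert loader, optimize =", level, "rejected:",
              is_rejected(build_assert_loader(level), UNTRUSTED_NAME))
    print("hardened loader rejected:",
          is_rejected(load_activation_hardened, UNTRUSTED_NAME))
```

The same comparison works as a regression test: run the validation path under both optimization levels and require that a name outside the allowlist is rejected in each.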
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details: