exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2026-27893

5 дней назад

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.18.0, two model implementation files hardcode `trust_remote_code=True` when loading sub-components, bypassing the user's explicit `--trust-remote-code=False` security opt-out. This enables remote code execution via malicious model repositories even when the user has explicitly disabled remote code trust. Version 0.18.0 patches the issue.

CVSS3: 8.8

EPSS: Низкий

CVE-2026-27893

5 дней назад

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.18.0, two model implementation files hardcode `trust_remote_code=True` when loading sub-components, bypassing the user's explicit `--trust-remote-code=False` security opt-out. This enables remote code execution via malicious model repositories even when the user has explicitly disabled remote code trust. Version 0.18.0 patches the issue.

CVSS3: 8.8

EPSS: Низкий

CVE-2026-27893

5 дней назад

vLLM is an inference and serving engine for large language models (LLM ...

CVSS3: 8.8

EPSS: Низкий

GHSA-7972-pg2x-xr59

4 дня назад

vLLM has Hardcoded Trust Override in Model Files Enables RCE Despite Explicit User Opt-Out

CVSS3: 8.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2026-27893 vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.18.0, two model implementation files hardcode `trust_remote_code=True` when loading sub-components, bypassing the user's explicit `--trust-remote-code=False` security opt-out. This enables remote code execution via malicious model repositories even when the user has explicitly disabled remote code trust. Version 0.18.0 patches the issue.	CVSS3: 8.8	0% Низкий	5 дней назад
CVE-2026-27893 vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.18.0, two model implementation files hardcode `trust_remote_code=True` when loading sub-components, bypassing the user's explicit `--trust-remote-code=False` security opt-out. This enables remote code execution via malicious model repositories even when the user has explicitly disabled remote code trust. Version 0.18.0 patches the issue.	CVSS3: 8.8	0% Низкий	5 дней назад
CVE-2026-27893 vLLM is an inference and serving engine for large language models (LLM ...	CVSS3: 8.8	0% Низкий	5 дней назад
GHSA-7972-pg2x-xr59 vLLM has Hardcoded Trust Override in Model Files Enables RCE Despite Explicit User Opt-Out	CVSS3: 8.8	0% Низкий	4 дня назад

Уязвимостей на страницу