CVE-2026-12491
MediumCVSS 4.8Exploitation Probability (EPSS)
Low risk15th percentile — higher than 15% of all known CVEs
Summary
A flaw was found in vLLM due to improper handling of image metadata, including EXIF orientation and PNG transparency (tRNS) data. During conversion to RGB, transparency information may be discarded or remapped, causing distortion of input content. This can lead to misinterpretation of images by the model.
Risk Assessment
The risk involves potential distortion of input data processed by the AI model, affecting the integrity of inference results. In scenarios where images are critical, this could lead to incorrect decisions or analyses.
Recommendation
It is recommended to update vLLM to the latest patched version. Additionally, consider validating and sanitizing image metadata before processing by the model.
Original NVD description (English source)
A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency (tRNS) data, during image processing. When images are converted to RGB, transparency information may be implicitly discarded or remapped, leading to unexpected rendering of transparent pixels and distortion of input content. This can result in the model misinterpreting image content, potentially affecting the integrity of processed data.

