CVE Catalog

CVE-2026-12491

MediumCVSS 4.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile — higher than 15% of all known CVEs

Summary

A flaw was found in vLLM due to improper handling of image metadata, including EXIF orientation and PNG transparency (tRNS) data. During conversion to RGB, transparency information may be discarded or remapped, causing distortion of input content. This can lead to misinterpretation of images by the model.

Risk Assessment

The risk involves potential distortion of input data processed by the AI model, affecting the integrity of inference results. In scenarios where images are critical, this could lead to incorrect decisions or analyses.

Recommendation

It is recommended to update vLLM to the latest patched version. Additionally, consider validating and sanitizing image metadata before processing by the model.

Original NVD description (English source)

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency (tRNS) data, during image processing. When images are converted to RGB, transparency information may be implicitly discarded or remapped, leading to unexpected rendering of transparent pixels and distortion of input content. This can result in the model misinterpreting image content, potentially affecting the integrity of processed data.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS