CVE Catalog

CVE-2026-54235

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.32%

23th percentile — higher than 23% of all known CVEs

Summary

vLLM is an inference and serving engine for large language models. In versions prior to 0.23.1rc0, temperature validation used comparison operators that incorrectly handled NaN and positive Infinity, leading to undefined behavior or CUDA errors.

Risk Assessment

Organizations may experience inference worker crashes due to improper data handling, potentially resulting in service interruptions and data loss.

Recommendation

It is recommended to upgrade to version 0.23.1rc0 or later to mitigate this vulnerability and ensure proper functioning of the inference engine.

Original NVD description (English source)

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, ll temperature validation gates use comparison operators (<, >), which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and propagate to GPU sampling kernels, where they produce undefined behavior or CUDA errors that can crash the inference worker. This vulnerability is fixed in 0.23.1rc0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS