vLLM
cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*
- >= 0.10.1, < 0.18.0
A remote code execution vulnerability exists in vLLM, an inference and serving engine for large language models, in versions from 0.10.1 up to but not including 0.18.0. Two model implementation files hardcode the trust_remote_code parameter to True when loading sub-components. This bypasses the user's explicit opt-out, allowing remote code execution through malicious model repositories even when remote code trust has been disabled. The vulnerability is patched in vLLM version 0.18.0.
Exploitation of this vulnerability allows for remote code execution. An attacker can create a malicious model repository that executes arbitrary Python code when loaded by vLLM, disregarding the user's trust settings. This undermines the protection the trust_remote_code option is intended to provide.
Users can update to vLLM version 0.18.0 or later, where this vulnerability has been fixed.
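
An added example, not taken from vLLM or from this advisory: a static check that flags calls passing a literal trust_remote_code=True, the pattern described above, so that forks, plugins or custom model code can be audited for the same mistake. The sample source, the function names and the from_pretrained loaders used in the sample are assumptions made for illustration.

```python
import ast
import sys
from pathlib import Path

# Constructed sample (not vLLM source): one loader forwards the caller's
# setting, two hardcode the flag and so ignore an opt-out.
SAMPLE = '''
from transformers import AutoConfig, AutoModel, AutoProcessor

def load_parts(path, trust_remote_code=False):
    cfg = AutoConfig.from_pretrained(path, trust_remote_code=trust_remote_code)
    sub = AutoModel.from_pretrained(path, trust_remote_code=True)
    proc = AutoProcessor.from_pretrained(path, **{"trust_remote_code": True})
    return cfg, sub, proc
'''

def _is_true(node):
    return isinstance(node, ast.Constant) and node.value is True

def find_hardcoded_trust(source, filename="<src>"):
    """Return sorted (line, callee) pairs for calls that pass a literal
    trust_remote_code=True, either as a keyword or via an inline ** dict."""
    findings = set()
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            direct = kw.arg == "trust_remote_code" and _is_true(kw.value)
            unpacked = kw.arg is None and isinstance(kw.value, ast.Dict) and any(
                isinstance(k, ast.Constant) and k.value == "trust_remote_code"
                and _is_true(v) for k, v in zip(kw.value.keys, kw.value.values))
            if direct or unpacked:
                findings.add((node.lineno, ast.unparse(node.func)))
    return sorted(findings)

def scan_tree(root):
    """Scan every .py file under root; unparseable files are skipped."""
    hits = {}
    for path in Path(root).rglob("*.py"):
        try:
            found = find_hardcoded_trust(path.read_text(encoding="utf-8"), str(path))
        except (SyntaxError, UnicodeDecodeError, ValueError, OSError):
            continue
        if found:
            hits[str(path)] = found
    return hits

if __name__ == "__main__":
    # With no argument, scan the constructed sample; otherwise a source tree.
    print(scan_tree(sys.argv[1]) if len(sys.argv) > 1 else find_hardcoded_trust(SAMPLE))
```

A hit means the call ignores whatever the caller configured; calls that forward a variable are not reported, so they still need review of where that variable comes from.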