Arbitrary code execution via malicious HuggingFace model
Summary
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLLM runs in Python optimized mode (python -O or PYTHONOPTIMIZE=1). This vulnerability is fixed in 0.22.0. A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). An unauthenticated attacker can exploit an assert-based security check during activation function loading. By publishing a malicious HuggingFace model, an attacker can achieve arbitrary code execution on the server when vLLM runs in Python optimized mode. Red Hat rates this issue as having Important impact for Red Hat AI Inference Server and Red Hat OpenShift AI vLLM serving images, and Moderate impact for Red Hat Enterprise Linux AI bootc images that bundle vLLM. Exploitation requires loading an untrusted HuggingFace cross-encoder model while the vLLM process runs with Python optimized mode (python -O or PYTHONOPTIMIZE=1). Red Hat AI Inference Server 3.2/3.3 images and other components without the vulnerable pooler activation loader (vLLM < 0.14.0) are not affected. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Weakness: CWE-617. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Mitigation checklist
- Avoid running vLLM with python -O or PYTHONOPTIMIZE=1 until updated packages are available. Only load models from trusted sources. Restrict who can deploy or update models on inference endpoints. Apply network access controls and authentication in front of vLLM APIs.
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.