Critical RCE in vLLM Allows Server Takeover via Malicious Video URL (CVE-2026-22778)
Complete Cloud Security in Minutes – Orca Security
2026-02-04 01:13:59
Introduction

A critical vulnerability (CVE-2026-22778, CVSS 9.8) was disclosed on February 2, 2026, affecting vLLM, a widely-deployed Python library for serving large language models. The flaw allows unauthenticated attackers to achieve remote code execution by sending a specially crafted video URL to the API. No active exploitation has been publicly confirmed yet, but a detailed […]
The post Critical RCE in vLLM Allows Server Takeover via Malicious Video URL (CVE-2026-22778) appeared first on Orca Security.