
CVE-2026-22773: CWE-770: Allocation of Resources Without Limits or Throttling in vllm-project vllm

Severity: Medium
Tags: Vulnerability, CVE-2026-22773, CWE-770
Published: Sat Jan 10 2026 (01/10/2026, 06:39:02 UTC)
Source: CVE Database V5
Vendor/Project: vllm-project
Product: vllm

Description

vLLM is an inference and serving engine for large language models (LLMs). In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimension mismatch that results in an unhandled runtime error, leading to complete server termination. This issue has been patched in version 0.12.0.

AI-Powered Analysis

Last updated: 01/10/2026, 07:09:27 UTC

Technical Analysis

CVE-2026-22773 is a vulnerability classified under CWE-770 (Allocation of Resources Without Limits or Throttling) affecting the vLLM project, an inference and serving engine for large language models. Versions from 0.6.4 up to but not including 0.12.0 are vulnerable. The flaw arises when the engine serves multimodal models that use the Idefics3 vision model implementation. An attacker can submit a specially crafted 1x1 pixel image that triggers a tensor dimension mismatch during inference. The mismatch raises an unhandled runtime error, causing the vLLM server process to crash and terminate unexpectedly. Exploitation requires no user interaction, but it does require low privileges (a client able to submit inference requests with image input). The impact is a denial of service (DoS) through server termination, affecting availability but not confidentiality or integrity. The CVSS v3.1 score is 6.5 (medium severity): network attack vector, low attack complexity, and no user interaction needed. No known exploits are currently reported in the wild. The issue was publicly disclosed and patched in vLLM version 0.12.0, which includes proper input validation and resource management to prevent tensor dimension mismatches and unhandled errors.

Potential Impact

For European organizations deploying vLLM for AI inference, particularly those using multimodal models with vision components, this vulnerability poses a risk of denial of service. An attacker could remotely crash inference servers, causing service outages and disruption of AI-driven applications such as automated customer support, image recognition, or data analysis. This could lead to operational downtime, loss of productivity, and potential reputational damage. While the vulnerability does not expose sensitive data or allow unauthorized data modification, the availability impact can be significant in environments that rely heavily on AI services. Organizations in sectors like finance, healthcare, automotive, and research institutions that integrate large language models with vision capabilities are especially exposed. The lack of known exploits reduces immediate risk, but the low attack complexity and network accessibility mean attackers could weaponize this flaw if discovered. The medium severity rating suggests prioritizing patching to maintain service continuity and prevent potential denial of service attacks.

Mitigation Recommendations

To mitigate CVE-2026-22773, European organizations should immediately upgrade all vLLM deployments to version 0.12.0 or later, where the vulnerability is patched. In addition to upgrading, organizations should implement strict input validation and sanitization for all data fed into AI inference engines, especially for multimodal inputs involving images. Deploy rate limiting and resource throttling mechanisms to prevent resource exhaustion from malformed or malicious inputs. Monitoring and alerting on unexpected server crashes or abnormal inference errors can help detect exploitation attempts early. Isolate AI inference services in segmented network zones to limit exposure to untrusted inputs. Conduct regular security assessments and code reviews of AI serving infrastructure to identify similar resource allocation or input handling issues. Finally, maintain an inventory of AI model components and their versions to ensure timely patch management and vulnerability tracking.


Technical Details

Data Version
5.2
Assigner Short Name
GitHub_M
Date Reserved
2026-01-09T18:27:19.387Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 6961f7c0c540fa4b5456583e

Added to database: 1/10/2026, 6:54:56 AM

Last enriched: 1/10/2026, 7:09:27 AM

Last updated: 1/10/2026, 10:30:10 PM

