CVE-2026-34753: CWE-918: Server-Side Request Forgery (SSRF) in vllm-project vllm
vLLM versions from 0. 16. 0 up to but not including 0. 19. 0 contain a server-side request forgery (SSRF) vulnerability in the download_bytes_from_url function. This flaw allows an attacker who can control batch input JSON to make the vLLM batch runner issue arbitrary HTTP/HTTPS requests from the server without any URL validation or domain restrictions. The vulnerability enables targeting of internal services accessible from the vLLM host, such as cloud metadata endpoints or internal HTTP APIs. The issue is fixed in version 0. 19. 0.
AI Analysis
Technical Summary
The vulnerability CVE-2026-34753 in vLLM (versions >=0.16.0 and <0.19.0) is a server-side request forgery (CWE-918) in the download_bytes_from_url function. It allows an attacker with the ability to control batch input JSON to cause the vLLM batch runner to send arbitrary HTTP or HTTPS requests from the server without any validation or domain restrictions. This can be exploited to access internal services reachable from the host running vLLM, such as cloud metadata services or internal APIs. The vulnerability is resolved in vLLM version 0.19.0.
Potential Impact
An attacker able to control batch input JSON can leverage this SSRF vulnerability to make the server perform arbitrary HTTP/HTTPS requests. This can lead to unauthorized access to internal network resources or cloud metadata endpoints, potentially exposing sensitive information. The vulnerability does not directly impact confidentiality or integrity of the vLLM server itself but can be used as a pivot to gather internal information. The CVSS score of 5.4 reflects a medium impact primarily on confidentiality with limited integrity and availability impact.
Mitigation Recommendations
This vulnerability is fixed in vLLM version 0.19.0. Users should upgrade to version 0.19.0 or later to remediate this issue. Since no official patch links or advisories are provided, verify the upgrade from the official vLLM project sources. There is no indication that temporary mitigations or workarounds are available. Patch status is not explicitly confirmed beyond the fix in version 0.19.0, so users should consult the vendor's official release notes for confirmation.
CVE-2026-34753: CWE-918: Server-Side Request Forgery (SSRF) in vllm-project vllm
Description
vLLM versions from 0. 16. 0 up to but not including 0. 19. 0 contain a server-side request forgery (SSRF) vulnerability in the download_bytes_from_url function. This flaw allows an attacker who can control batch input JSON to make the vLLM batch runner issue arbitrary HTTP/HTTPS requests from the server without any URL validation or domain restrictions. The vulnerability enables targeting of internal services accessible from the vLLM host, such as cloud metadata endpoints or internal HTTP APIs. The issue is fixed in version 0. 19. 0.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2026-34753 in vLLM (versions >=0.16.0 and <0.19.0) is a server-side request forgery (CWE-918) in the download_bytes_from_url function. It allows an attacker with the ability to control batch input JSON to cause the vLLM batch runner to send arbitrary HTTP or HTTPS requests from the server without any validation or domain restrictions. This can be exploited to access internal services reachable from the host running vLLM, such as cloud metadata services or internal APIs. The vulnerability is resolved in vLLM version 0.19.0.
Potential Impact
An attacker able to control batch input JSON can leverage this SSRF vulnerability to make the server perform arbitrary HTTP/HTTPS requests. This can lead to unauthorized access to internal network resources or cloud metadata endpoints, potentially exposing sensitive information. The vulnerability does not directly impact confidentiality or integrity of the vLLM server itself but can be used as a pivot to gather internal information. The CVSS score of 5.4 reflects a medium impact primarily on confidentiality with limited integrity and availability impact.
Mitigation Recommendations
This vulnerability is fixed in vLLM version 0.19.0. Users should upgrade to version 0.19.0 or later to remediate this issue. Since no official patch links or advisories are provided, verify the upgrade from the official vLLM project sources. There is no indication that temporary mitigations or workarounds are available. Patch status is not explicitly confirmed beyond the fix in version 0.19.0, so users should consult the vendor's official release notes for confirmation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-30T19:17:10.225Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d49831aaed68159aca0f91
Added to database: 4/7/2026, 5:37:53 AM
Last enriched: 4/14/2026, 4:04:55 PM
Last updated: 5/22/2026, 12:18:21 PM
Views: 160
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.