CVE-2026-54236 affects the vLLM inference and serving engine for large language models. The vulnerability arises because several response paths in the application echo exception messages directly to clients without sanitizing them, bypassing the sanitize_message helper introduced to strip memory addresses from error messages. Specifically, the Anthropic API router endpoints, the Server-Sent Events streaming converter, and the realtime speech-to-text WebSocket handlers do not use the global FastAPI exception handler that performs sanitization. An attacker can send malformed image bytes that cause PIL.Image.open to raise an UnidentifiedImageError containing a BytesIO object representation, which includes heap memory addresses. These addresses are leaked verbatim in the error.message field of the JSON response. The issue is resolved in vLLM version 0.23.1rc0.

An unauthenticated attacker can cause the application to leak heap memory addresses in error messages returned by certain API endpoints and WebSocket handlers. This leakage of sensitive memory information may aid attackers in further attacks such as memory corruption or exploitation but does not directly impact integrity or availability. The CVSS score is 5.3 (medium severity) reflecting limited confidentiality impact with no integrity or availability impact.

A fix for this vulnerability is available in vLLM version 0.23.1rc0. Users should upgrade to this version or later to ensure that all exception messages are properly sanitized and memory addresses are not leaked. Until upgraded, avoid exposing the vulnerable API endpoints or WebSocket handlers to untrusted users. Patch status is not explicitly stated beyond the fix in 0.23.1rc0; check the vendor advisory for the latest remediation guidance.