CVE-2026-27893
PUBLISHED
CVSS 8.8 HIGH
vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.18.0, two model implementation files hardcode `trust_remote_code=True` when loading sub-components, bypassing the user's explicit `--trust-remote-code=False` security opt-out. A malicious model repository can therefore achieve remote code execution in the vLLM process even when the operator has explicitly disabled remote code trust. Exploitation requires the operator to load the attacker-controlled repository (hence UI:R in the CVSS vector), but needs no authentication and yields full compromise of the serving process. Version 0.18.0 patches the issue by forwarding the user's setting instead of the hardcoded value; operators who cannot upgrade should load only models from repositories they control and treat any custom `modeling_*.py` in a downloaded model as untrusted code.
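The bug class here is a sub-component loader that drops the caller's `trust_remote_code` value and passes a literal `True`. The following added example (not vLLM project code, and not the actual patched files) shows three things a practitioner wants at this point: an AST scan that flags any call passing the literal `trust_remote_code=True` so the pattern can be caught in review or CI, a wrapper that enforces the operator's global opt-out on every sub-component load, and a version check against the affected range from this advisory. The sample source strings and `fake_from_pretrained` are constructed for the demonstration and do not come from the advisory or the project.

```python
"""Added example for CVE-2026-27893 (not vLLM's own code).

Demonstrates: (1) scanning Python source for hardcoded
trust_remote_code=True, (2) a loader wrapper that cannot be overridden
by such a hardcoded value, (3) the affected-version check.
"""
import ast
from typing import Callable, List, Tuple

# Constructed sample of the vulnerable pattern: the sub-component loader
# receives the user's setting but discards it in favour of a literal True.
VULNERABLE_SRC = '''
from transformers import AutoConfig

def load_vision_config(path, trust_remote_code):
    # BUG: the user's --trust-remote-code=False is dropped here
    return AutoConfig.from_pretrained(path, trust_remote_code=True)
'''

# Constructed sample of the fixed pattern: the user's value is forwarded.
FIXED_SRC = '''
from transformers import AutoConfig

def load_vision_config(path, trust_remote_code):
    return AutoConfig.from_pretrained(path, trust_remote_code=trust_remote_code)
'''


def find_hardcoded_trust(source: str, filename: str = "<string>") -> List[Tuple[int, str]]:
    """Return (line number, callee) for every call in `source` that passes
    the literal keyword trust_remote_code=True. Forwarded variables and
    False literals are not reported."""
    findings: List[Tuple[int, str]] = []
    tree = ast.parse(source, filename=filename)
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            if (kw.arg == "trust_remote_code"
                    and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True):
                findings.append((node.lineno, ast.unparse(node.func)))
    return findings


def guarded_from_pretrained(loader: Callable, path: str,
                            user_trust_remote_code: bool, **kwargs):
    """Call `loader(path, **kwargs)` while enforcing the operator's global
    opt-out. A caller that hardcodes trust_remote_code=True cannot override
    --trust-remote-code=False: the load is refused instead of silently
    executing repository code."""
    requested = kwargs.get("trust_remote_code", user_trust_remote_code)
    if requested and not user_trust_remote_code:
        raise PermissionError(
            f"refusing to load {path!r}: trust_remote_code requested by the "
            "loader but the operator disabled remote code trust")
    # Effective value is never more permissive than the operator's setting.
    kwargs["trust_remote_code"] = bool(requested) and bool(user_trust_remote_code)
    return loader(path, **kwargs)


def fake_from_pretrained(path: str, **kwargs) -> dict:
    """Constructed stand-in for a Hugging Face from_pretrained call; it just
    echoes the keyword arguments so the effective setting can be inspected."""
    return {"path": path, **kwargs}


def denies_when_user_opted_out() -> bool:
    """True if a hardcoded trust_remote_code=True is blocked by the guard
    when the operator has disabled remote code trust."""
    try:
        guarded_from_pretrained(fake_from_pretrained, "evil/model",
                                user_trust_remote_code=False,
                                trust_remote_code=True)
    except PermissionError:
        return True
    return False


def _version_tuple(version: str) -> Tuple[int, ...]:
    # Expects a plain X.Y.Z release string; pre-release suffixes are not handled.
    return tuple(int(part) for part in version.split("."))


def is_affected(version: str) -> bool:
    """Affected range from the advisory: >= 0.10.1 and < 0.18.0."""
    return _version_tuple("0.10.1") <= _version_tuple(version) < _version_tuple("0.18.0")


if __name__ == "__main__":
    print("vulnerable sample:", find_hardcoded_trust(VULNERABLE_SRC))
    print("fixed sample:", find_hardcoded_trust(FIXED_SRC))
    print("guard blocks override:", denies_when_user_opted_out())
    print("0.17.1 affected:", is_affected("0.17.1"), "| 0.18.0 affected:", is_affected("0.18.0"))
```

The AST scan is deliberately narrow: it reports only a literal `True`, which is exactly the defect class this advisory describes, so it can run as a pre-merge check over a model-implementation tree without drowning reviewers in the legitimate forwarded-variable cases. The guard wrapper is the runtime counterpart for deployments that load models through their own glue code rather than relying on every downstream loader to forward the flag correctly.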
EPSS 0.05% · 14.8th percentile
Risk Scores
CVSS 3.1
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.05%
14.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| vllm-project | vllm | >= 0.10.1, < 0.18.0 |
| PyPI | vllm | 0.10.1 (introduced) |
| vllm | vllm | 0.10.1 (introduced) |
Exploit Intelligence
- CIRCL published-proof-of-concept: CVE-2026-27893 (circl-sighting)
- CIRCL seen: CVE-2026-27893 (circl-sighting)
- https://github.com/vllm-project/vllm/security/advisories/GHSA-7972-pg2x-xr59 (circl)
- https://github.com/vllm-project/vllm/pull/36192 (circl)
- https://github.com/vllm-project/vllm/commit/00bd08edeee5dd4d4c13277c0114a464011acf72 (circl)
Timeline
- Mar 26, 2026 CVE Published
- Mar 27, 2026 Coalition ESS Score
- Mar 27, 2026 PoC Published
- Mar 28, 2026 Security Advisory
- Mar 29, 2026 PoC Published
- May 18 to May 23, 2026 EPSS Score (updated daily)
References
- Advisory (GHSA-7972-pg2x-xr59): https://github.com/vllm-project/vllm/security/advisories/GHSA-7972-pg2x-xr59
- Fix pull request: https://github.com/vllm-project/vllm/pull/36192
- Fix commit: https://github.com/vllm-project/vllm/commit/00bd08edeee5dd4d4c13277c0114a464011acf72
- NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2026-27893
- Package repository: https://github.com/vllm-project/vllm