Critical vLLM Flaw Exposes Millions of AI Servers to Remote Code Execution

A newly disclosed critical vulnerability in the vLLM Python package (CVE-2026-22778) allows remote code execution by submitting a malicious video URL to vLLM's multimodal API endpoints, which fetch and decode the video on the server, putting millions of AI servers at risk. The flaw chains a PIL error message that discloses a memory address with a JPEG2000 heap overflow in FFmpeg (bundled with OpenCV). vLLM 0.14.1 patches the issue; organizations should update or disable video support immediately. #vLLM #CVE-2026-22778

Keypoints

  • CVE-2026-22778 enables unauthenticated remote code execution via crafted video links to vLLM multimodal endpoints.
  • vLLM versions >= 0.8.3 and < 0.14.1 are affected; the vulnerability is fixed in vLLM 0.14.1.
  • The exploit chain combines a PIL error message that leaks a heap address with a JPEG2000 heap overflow in FFmpeg (bundled in OpenCV) to achieve RCE.
  • Internet-facing, clustered, and GPU-backed vLLM deployments face a large blast radius, allowing full server takeover, data exfiltration, and lateral movement.
  • Organizations should update to vLLM 0.14.1 immediately or disable video/multimodal functionality until patched; OX Security has notified vulnerable customers.
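The first step in responding is knowing which installs fall inside the affected range (>= 0.8.3 and < 0.14.1). The check below is an added example, not code from the article, OX Security, or the vLLM project: it orders version strings the way PEP 440 does (a pre-release such as 0.14.1rc1 sorts before 0.14.1 and so still counts as affected), reads the version installed in the current interpreter via importlib.metadata, and runs the same test over a small inventory. The hostnames and versions in SAMPLE_INVENTORY are constructed for the example; only the two range boundaries come from the advisory.

```python
"""Audit vLLM installs against the CVE-2026-22778 range: >= 0.8.3 and < 0.14.1."""
import re
from importlib import metadata

# Range boundaries as stated in the advisory summary.
AFFECTED_MIN = "0.8.3"   # first affected release
FIXED_IN = "0.14.1"      # first fixed release

# Release segment, optionally followed by a pre-release / dev marker.
# Post-releases (.post1) and local tags (+cu128) are left unmatched and
# therefore sort together with the final release they belong to.
_VERSION_RE = re.compile(r"^v?(?P<release>\d+(?:\.\d+)*)(?P<pre>(?:a|b|rc|\.?dev)\d*)?")


def version_key(version: str) -> tuple:
    """Sortable key: release numbers padded to 3 parts, then a pre-release rank.

    Pre-releases rank -1 so that 0.14.1rc1 sorts before 0.14.1 (PEP 440 order).
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    release = tuple(int(part) for part in m.group("release").split("."))
    release += (0,) * max(0, 3 - len(release))
    pre_rank = -1 if m.group("pre") else 0
    return release + (pre_rank,)


def is_affected(version: str) -> bool:
    """True when version falls inside [AFFECTED_MIN, FIXED_IN)."""
    key = version_key(version)
    return version_key(AFFECTED_MIN) <= key < version_key(FIXED_IN)


def installed_vllm_status():
    """Return (version, affected) for the vLLM in this interpreter, or None if absent."""
    try:
        version = metadata.version("vllm")
    except metadata.PackageNotFoundError:
        return None
    return version, is_affected(version)


# Constructed sample inventory; hostnames and versions are made up for the example.
SAMPLE_INVENTORY = [
    ("llm-gw-01", "0.14.1"),         # fixed release
    ("llm-gw-02", "0.13.0"),         # inside the affected range
    ("llm-batch-07", "0.8.2"),       # predates the affected range
    ("llm-batch-08", "0.14.1rc1"),   # pre-release of the fix still counts as affected
    ("llm-dev-03", "0.14.1+cu128"),  # local build tag on the fixed release
]


def audit(inventory):
    """Return the (host, version) pairs that still need the 0.14.1 update."""
    return [(host, ver) for host, ver in inventory if is_affected(ver)]


if __name__ == "__main__":
    for host, ver in audit(SAMPLE_INVENTORY):
        print(f"{host}: vLLM {ver} is affected; upgrade to {FIXED_IN} or disable video input")
    print("local interpreter:", installed_vllm_status())
```

Feed audit() the output of whatever inventory you already collect (pip freeze across hosts, container image SBOMs, and so on). Anything it returns should be upgraded to 0.14.1, or have video input turned off in the deployment until it is; the article does not specify how video support is disabled, so use the mechanism your vLLM version documents.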

Read More: https://thecyberexpress.com/cve-2026-22778-vllm-rce-malicious-video-link/