Is this vulnerability remotely exploitable over the vLLM inference API?

Not directly. Exploitation does not require sending crafted inference requests; it occurs when vLLM loads a model whose repository or directory has been compromised or is attacker-controlled. However, if an attacker can influence the model path via a remote configuration or management interface, that remote control can indirectly lead to code execution.

What level of access does an attacker need to exploit this?

The attacker needs the ability to control the model repo or local directory that vLLM loads, or to influence configuration so that vLLM points to a malicious model source. This could be achieved through compromised CI/CD pipelines, misconfigured write permissions on model directories, or control over a referenced remote model repository.

What is the safest general fix pattern?

The safest approach is to enforce a default-deny posture for dynamic code loading: honor trust flags like `trust_remote_code`, avoid executing code from model metadata by default, and only enable dynamic imports for explicitly trusted and vetted model sources. Additionally, decouple configuration from code execution so that model configs cannot trigger arbitrary imports without explicit operator approval.

Severity:

HIGH RISK

(8.8)

Arbitrary Code Execution via Untrusted Dynamic Module Loading (CWE-94) in vLLM Model Resolution

CVE-2026-22807

Published:

Jan 21, 2026

Status:

Analyzed

Summary

Affected Context

Exploit Preconditions

Why This Happens

Potential Impact

General Mitigation Guidance

How Teams Detect Issues Like This

Frequently Asked Questions

Source

NDV

Recent Vulnerabilities

CWE-306

CRITICAL RISK

CRITICAL

(9.8)

Missing Authentication for Forgot-Password Email Change API (CWE-306)

Account Takeover / Loss of Account Control

February 17, 2026

CWE-77;CWE-78

HIGH RISK

HIGH

(7.3)

OS Command Injection (CWE-78) in node-sonos-http-api TTS Provider for macOS

Remote Code Execution on the Server Host

February 17, 2026

Vulnerability Type

Category:

Arbitrary Code Execution via Dynamic Code Evaluation

CWE:

CWE-94

Impact:

Remote Code Execution on vLLM Host During Model Load

Severity:

HIGH RISK

(8.8)

CVSS Version:

3.1

Vulnerability Type

Category:

Arbitrary Code Execution via Dynamic Code Evaluation

CWE:

CWE-94

Impact:

Remote Code Execution on vLLM Host During Model Load

Severity:

HIGH RISK

(8.8)

CVSS Version:

3.1

Catch This CVE While Code Is Being Written

Detect vulnerable code directly in pull requests, so CVEs are fixed before merge.

Get Started

Ship clean & secure code faster

START 14 DAYS FREE TRIAL

BOOK A DEMO

Made with Love in San Francisco

355 Bryant St. San Francisco, CA 94107, USA

Ask AI for summary of CodeAnt

Made with Love in San Francisco

355 Bryant St. San Francisco, CA 94107, USA

Ask AI for summary of CodeAnt

Made with Love in San Francisco

355 Bryant St. San Francisco, CA 94107, USA

Ask AI for summary of CodeAnt

Arbitrary Code Execution via Untrusted Dynamic Module Loading (CWE-94) in vLLM Model Resolution

Summary

Affected Context

Exploit Preconditions

Why This Happens

Potential Impact

General Mitigation Guidance

How Teams Detect Issues Like This

Frequently Asked Questions

Source

Recent Vulnerabilities

CRITICAL RISK

CRITICAL

(9.8)

Missing Authentication for Forgot-Password Email Change API (CWE-306)

HIGH RISK

HIGH

(7.3)

OS Command Injection (CWE-78) in node-sonos-http-api TTS Provider for macOS

Vulnerability Type

Vulnerability Type

Vulnerability Type

Vulnerability Type

Catch This CVE While Code Is Being Written

Ship clean & secure code faster

Product

Pricing

Company

Legal

Developers

Compare

Product

Pricing

Company

Legal

Developers

Compare

Product

Pricing

Company

Legal

Developers

Compare