CVE-2026-34753

Severity: Medium (Red Hat)
CVSS v3 Base Score: 5.4
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Attack Characteristics

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Confidentiality: Low
Integrity: None
Availability: Low

Published: April 6, 2026
Last Modified: April 6, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in vLLM. This server-side request forgery (SSRF) vulnerability allows an attacker who can control batch input JSON to force the vLLM batch runner to make arbitrary HTTP/HTTPS requests from the server. This can be exploited to access internal services, such as cloud metadata endpoints or internal HTTP APIs, potentially leading to information disclosure or further compromise of the host system.

CWE

CWE-918

Affected Products

Red Hat AI Inference Server
Red Hat Enterprise Linux AI (RHEL AI) 3
Red Hat OpenShift AI (RHOAI)
