CVE-2026-7141

medium Red Hat
CVSS v3 Base Score
5.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score
0.1%
Exploitation probability in 30 days
Top 79% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Confidentiality
Low
Integrity
Low
Availability
Low
Published: April 27, 2026 (73 days ago)
Last Modified: April 27, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in vllm. A remote attacker can exploit a vulnerability in the `has_mamba_layers` function within the KV Block Handler component. By performing a specific manipulation, an uninitialized resource can be triggered, potentially leading to information disclosure or denial of service. The attack is considered to have high complexity, and exploitation is difficult.

CWE

CWE-908

Affected Products

Red Hat AI Inference ServerRed Hat Enterprise Linux AI (RHEL AI) 3Red Hat OpenShift AI (RHOAI)

References