CVE-2026-4944

Affects: vLLM

CVSS: HIGH · 8.8 v3.0
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Published: 2026-05-28
Weakness: CWE-22
Source: nvd.nist.gov/vuln/detail/CVE-2026-4944

Description

vllm-project/vllm version 0.14.1 contains a vulnerability where the trust_remote_code=True parameter is hardcoded in two model implementation files (vllm/model_executor/models/nemotron_vl.py and vllm/model_executor/models/kimi_k25.py). This bypasses the user’s explicit --trust-remote-code=False setting, enabling remote code execution via malicious HuggingFace model repositories. This issue is an incomplete fix for CVE-2025-66448 and CVE-2026-22807, as it affects separate code paths in model implementation files. Deployments loading NemotronVL or KimiK25 models are particularly impacted.

References

How GTK Cyber trains on this

AI security training at GTK Cyber covers the LLM and ML-pipeline vulnerability classes that vulnerabilities like CVE-2026-4944 fall into. Our hands-on courses are taught by Charles Givre and other practitioners who break and defend production AI systems.

AI Red-Teaming course → · Browse MITRE ATLAS techniques

Related AI/LLM CVEs

AI security training, taught by people who do the work.

Hands-on courses on adversarial AI, prompt injection, and ML pipeline security.

Explore AI Red-Teaming