Vulnerability DatabaseCVE-2026-22807

CVE-2026-22807:
Chainguard vulnerability analysis and mitigation

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face auto_map dynamic modules during model resolution without gating on trust_remote_code, allowing attacker-controlled Python code in a model repo/path to execute at server startup. An attacker who can influence the model repo/path (local directory or remote Hugging Face repo) can achieve arbitrary code execution on the vLLM host during model load. This happens before any request handling and does not require API access. Version 0.14.0 fixes the issue.

Source: NVD

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

9.8

Score

Published January 21, 2026

Severity CRITICAL

CNA Score 8.8

Affected Technologies

Chainguard
vLLM

Has Public Exploit Yes

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 6.1

Exploitation Probability (EPSS) N/A

Affected packages and libraries

py3-vllm-cuda-12.4
tritonserver-backend-vllm-cuda-12.9

Sources

NVD
Chainguard
- Chainguard Has FixAdded at: Jan 23, 2026
GitHub Advisory Database
- pip Severity HIGHHas FixAdded at: Jan 22, 2026

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related Chainguard vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-41242	CRITICAL	9.4	JavaScript	librechat	No	Yes	Apr 18, 2026
CVE-2026-40260	MEDIUM	6.9	Python	litellm	No	Yes	Apr 17, 2026
CVE-2026-40293	MEDIUM	6.5	Wolfi	openfga	No	Yes	Apr 17, 2026
CVE-2026-40347	MEDIUM	5.3	Python	vllm-openai-cuda-12.9	No	Yes	Apr 18, 2026
CVE-2026-6491	MEDIUM	4.8	Wolfi	libvips	No	No	Apr 17, 2026