Yunzez

**Name of the Vulnerable Software and Affected Versions** vLLM versions 0.18.0 through 0.19.1 **Description** The `extract hidden states` speculative decoding proposer returns a tensor with an incorrect shape after the first decode step, leading to a `RuntimeError` that crashes the EngineCore process. This occurs when any request in a batch utilizes sampling penalty parameters: `repetition penalty`, `frequency penalty`, or `presence penalty`. The issue stems from a refactor in the `propose()` function where the removal of a `.unsqueeze(-1)` call caused a broadcast shape mismatch during penalty application, as the rejection sampler produces a shape of `(batch size, 2)` instead of the expected `(batch size, 1)` after the first decode step. A single request containing a penalty parameter is sufficient to cause a deterministic and immediate server crash, resulting in a complete loss of service availability. **Recommendations** Update to version 0.20.0. Avoid using `extract hidden states` as the speculative decoding method. Strip or reject the `repetition penalty`, `frequency penalty`, and `presence penalty` parameters from incoming requests at the API gateway.