PT-2026-28373 · Unknown+1 · Hugging Face+1

Wernerina · Published 2026-03-26 · Updated 2026-03-29 · CVE-2026-27893

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

vLLM versions 0.10.1 through 0.17.x

Description

vLLM is an inference and serving engine for large language models (LLMs). Starting with version 0.10.1 and continuing through version 0.17.x, two model implementation files hardcode trust_remote_code=True when loading sub-components. This bypasses the user's explicit --trust-remote-code=False security setting, potentially enabling remote code execution via malicious model repositories, even when the user has disabled remote code trust. The vulnerability occurs because the system does not respect the user-defined security opt-out: the affected files override the user's setting without any warning or log entry. A malicious Hugging Face repository targeting either architecture can achieve code execution on the inference server.

Recommendations

Versions 0.10.1 through 0.17.x are vulnerable and should be updated to version 0.18.0 or later.
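
A source-tree check for the defect class described above, as an added example (not vLLM's code and not part of the original advisory): it parses Python sources and reports every call or kwargs dict that passes a literal trust_remote_code=True instead of forwarding the user's setting. The sample sources, file names and function names are constructed for illustration.

```python
import ast

# Constructed sample sources (hypothetical file names, not vLLM's real files).
SAMPLES = {
    "hardcoded.py": (
        "def load_sub_component(path, model_config):\n"
        "    # ignores model_config.trust_remote_code\n"
        "    return AutoProcessor.from_pretrained(path, trust_remote_code=True)\n"
    ),
    "respects_setting.py": (
        "def load_sub_component(path, model_config):\n"
        "    return AutoProcessor.from_pretrained(\n"
        "        path, trust_remote_code=model_config.trust_remote_code)\n"
    ),
    "dict_kwargs.py": (
        "def load_sub_component(path, model_config):\n"
        "    kwargs = {'revision': 'main', 'trust_remote_code': True}\n"
        "    return AutoConfig.from_pretrained(path, **kwargs)\n"
    ),
}

def _is_true(node):
    # Only the literal True counts; a forwarded variable or attribute does not.
    return isinstance(node, ast.Constant) and node.value is True

def find_hardcoded_trust(source, filename):
    """Return (filename, line, kind) for each literal trust_remote_code=True."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Call):
            # f(..., trust_remote_code=True) and dict(trust_remote_code=True)
            for kw in node.keywords:
                if kw.arg == "trust_remote_code" and _is_true(kw.value):
                    findings.append((filename, kw.value.lineno, "keyword"))
        elif isinstance(node, ast.Dict):
            # {"trust_remote_code": True}, later splatted into a loader call
            for key, val in zip(node.keys, node.values):
                if (isinstance(key, ast.Constant)
                        and key.value == "trust_remote_code" and _is_true(val)):
                    findings.append((filename, val.lineno, "dict"))
    return sorted(findings)

def scan(sources):
    """Scan a {filename: source} mapping and return all findings."""
    return [f for name in sorted(sources)
            for f in find_hardcoded_trust(sources[name], name)]

if __name__ == "__main__":
    for filename, line, kind in scan(SAMPLES):
        print(f"{filename}:{line}: literal trust_remote_code=True ({kind})")
```

To run it over an installed package, read each .py file under the package directory into the mapping passed to scan(); a finding is a place to review, since the literal may sit behind a check of the user's setting.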

Exploit

Fix

Weakness Enumeration

Protection Mechanism Failure

Related Identifiers

CVE-2026-27893
GHSA-7972-PG2X-XR59

Affected Products

Hugging Face
vLLM