PT-2026-29877 · Vllm+2
Kexinoh · Published 2026-04-02 · Updated 2026-05-11
CVE-2026-34760
CVSS v3.1: 7.1 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Name of the Vulnerable Software and Affected Versions
vLLM versions 0.5.5 through 0.17.999
Description
vLLM, an inference and serving engine for large language models (LLMs), exhibits an inconsistency in audio processing. Versions 0.5.5 through 0.17.999 utilize numpy.mean for mono downmixing via Librosa, deviating from the ITU-R BS.775-4 weighted downmixing standard. This discrepancy causes differences in audio perception between human listeners and AI models that process audio using Librosa.
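A pre-ingest check an operator could run on 5.1 input, added here as an example (not code from vLLM, Librosa or this advisory): it compares the equal-weight mean described above with a weighted fold-down and flags clips where the two mono signals diverge. The channel order, the weights (as commonly cited from ITU-R BS.775 for the 3/2 to mono downmix) and the 0.1 threshold are assumptions.

```python
import math

# Assumptions (not from the advisory): 5.1 frames ordered L, R, C, LFE, Ls, Rs, and
# the 3/2 -> 1/0 mono weights commonly cited from ITU-R BS.775 (LFE omitted).
ITU_MONO_WEIGHTS = (0.7071, 0.7071, 1.0, 0.0, 0.5, 0.5)
THRESHOLD = 0.1  # hypothetical review threshold; tune on your own traffic

def mean_downmix(frames):
    """Equal-weight average over channels, i.e. what a mean over the channel axis gives."""
    return [sum(f) / len(f) for f in frames]

def weighted_downmix(frames, weights=ITU_MONO_WEIGHTS):
    """Weighted mono fold-down using the assumed BS.775 coefficients."""
    return [sum(w * s for w, s in zip(weights, f)) for f in frames]

def _rms(x):
    return math.sqrt(sum(v * v for v in x) / len(x))

def downmix_divergence(frames):
    """RMS difference of the two downmixes after scaling each to unit RMS.
    0.0 means the same waveform up to gain; sqrt(2) means unrelated content."""
    a, b = mean_downmix(frames), weighted_downmix(frames)
    ra, rb = _rms(a), _rms(b)
    if ra < 1e-12 and rb < 1e-12:
        return 0.0           # silence in both paths
    if ra < 1e-12 or rb < 1e-12:
        return math.sqrt(2)  # one path is silent while the other carries signal
    return _rms([x / ra - y / rb for x, y in zip(a, b)])

def needs_review(frames, threshold=THRESHOLD):
    """True when the model-side and weighted downmixes differ beyond the threshold."""
    return downmix_divergence(frames) > threshold

def tone(freq, n=800, rate=8000):
    return [math.sin(2 * math.pi * freq * i / rate) for i in range(n)]

# Constructed sample clips (not real traffic).
_t, _u = tone(200), tone(300)
SAME_IN_ALL = [(s,) * 6 for s in _t]                    # identical content per channel
MIXED = [(a, a, a, 0.0, b, b) for a, b in zip(_t, _u)]  # front and surround differ

if __name__ == "__main__":
    for name, clip in (("SAME_IN_ALL", SAME_IN_ALL), ("MIXED", MIXED)):
        print(name, round(downmix_divergence(clip), 4), needs_review(clip))
```

Clips that trip the check can be rejected or folded down to mono with explicit weights before they reach the serving endpoint.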
Recommendations
Update to version 0.18.0 or later.
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Librosa
Numpy
Vllm