PT-2026-35459 · Vllm · Vllm

Zyz3366 · Published 2026-04-27 · Updated 2026-04-27 · CVE-2026-7141

CVSS v3.1: 5.6 Medium

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

vllm versions prior to 0.19.0

Description

A flaw in the KV Block Handler component, specifically within the has_mamba_layers() function of the vllm/v1/kv_cache_interface.py file, can be manipulated to cause the use of an uninitialized resource. This issue can be triggered remotely, although the attack complexity is high and exploitation is difficult.

Recommendations

Deploy patch 1ad67864c0c20f167929e64c875f5c28e1aad9fd for versions prior to 0.19.0. As a temporary workaround, restrict access to the has_mamba_layers() function to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

Use of Uninitialized Resource

Related Identifiers

CVE-2026-7141
GHSA-X368-4G9H-FVV4

Affected Products

Vllm