PT-2026-37318 · Vllm · Vllm

Wumingzhilian · Published 2026-05-05 · Updated 2026-05-12 · CVE-2026-44222

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: vLLM versions 0.6.1 through 0.19.x

Description: A token injection issue exists in the multimodal processing of vLLM. Unauthenticated, text-only prompts containing special tokens are interpreted as control commands. When image and video placeholder sequences are provided without corresponding data, the system attempts to index into empty grids during input-position computation. This triggers an unhandled IndexError in the get_input_positions_tensor() and vl_get_input_positions_tensor() functions, which can terminate the worker or degrade service availability, leading to a remote Denial of Service. The issue specifically affects multimodal paths that rely on the image_grid_thw and video_grid_thw variables.

Recommendations: Update to version 0.20.0. As a temporary workaround, restrict the use of the vl_get_input_positions_tensor() function or sanitize user inputs to prevent the injection of multimodal placeholder tokens in text-only prompts.
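The following Python is an added example, not vLLM's code and not the fix shipped in 0.20.0. It models the failure mode the description names (a placeholder run in the token stream with no matching entry in image_grid_thw / video_grid_thw, so the position computation indexes into an empty list) next to the consistency check a defender would place in front of that computation, so that the mismatch becomes a rejected request instead of an unhandled IndexError in the worker. The placeholder token ids, the sample token streams, the grid shapes and the position arithmetic are all constructed for illustration and do not come from vLLM or the advisory.

```python
from typing import List, Sequence, Tuple

# Hypothetical placeholder token ids (constructed for this example; real ids
# depend on the model's tokenizer and are not given in the advisory).
IMAGE_PAD = 9001
VIDEO_PAD = 9002

Grid = Tuple[int, int, int]  # (t, h, w) patch grid of one image or video


class MultimodalInputError(ValueError):
    """Client-supplied inconsistency: should become a 4xx, never a worker crash."""


def placeholder_runs(tokens: Sequence[int], pad_id: int) -> int:
    """Count maximal runs of pad_id; one run stands for one image or video."""
    runs, prev = 0, None
    for tok in tokens:
        if tok == pad_id and prev != pad_id:
            runs += 1
        prev = tok
    return runs


def unsafe_input_positions(tokens: Sequence[int], image_grid_thw: List[Grid],
                           video_grid_thw: List[Grid]) -> List[int]:
    """Simplified model of the vulnerable path: it trusts the token stream and
    fetches the next grid whenever a placeholder run starts. When the client
    sent placeholders but no media, the grid list is empty and the lookup
    raises IndexError, which nothing here catches."""
    positions: List[int] = []
    pos, image_idx, video_idx, prev = 0, 0, 0, None
    for tok in tokens:
        if tok in (IMAGE_PAD, VIDEO_PAD) and prev != tok:
            if tok == IMAGE_PAD:
                t, h, w = image_grid_thw[image_idx]  # IndexError on empty list
                image_idx += 1
            else:
                t, h, w = video_grid_thw[video_idx]  # IndexError on empty list
                video_idx += 1
            pos += t * h * w  # reserve one position per patch (constructed rule)
        positions.append(pos)
        pos += 1
        prev = tok
    return positions


def validate_placeholders(tokens: Sequence[int], image_grid_thw: List[Grid],
                          video_grid_thw: List[Grid]) -> None:
    """Reject any request whose placeholder runs and supplied media disagree.
    This also covers a text-only prompt carrying placeholders (runs > 0, media == 0)."""
    n_img = placeholder_runs(tokens, IMAGE_PAD)
    n_vid = placeholder_runs(tokens, VIDEO_PAD)
    if n_img != len(image_grid_thw):
        raise MultimodalInputError(
            f"{n_img} image placeholder run(s) but {len(image_grid_thw)} image(s) supplied")
    if n_vid != len(video_grid_thw):
        raise MultimodalInputError(
            f"{n_vid} video placeholder run(s) but {len(video_grid_thw)} video(s) supplied")


def safe_input_positions(tokens: Sequence[int], image_grid_thw: List[Grid],
                         video_grid_thw: List[Grid]) -> List[int]:
    """Hardened path: validate first, then run the same position computation."""
    validate_placeholders(tokens, image_grid_thw, video_grid_thw)
    return unsafe_input_positions(tokens, image_grid_thw, video_grid_thw)


def handle_request(tokens: Sequence[int], image_grid_thw: Sequence[Grid] = (),
                   video_grid_thw: Sequence[Grid] = (), hardened: bool = True) -> Tuple[int, str]:
    """Request-level view. The hardened server answers 400; without the check the
    IndexError escapes the computation (modelled here as a 500 / dead worker)."""
    compute = safe_input_positions if hardened else unsafe_input_positions
    try:
        positions = compute(tokens, list(image_grid_thw), list(video_grid_thw))
    except MultimodalInputError as exc:
        return 400, f"rejected: {exc}"
    except IndexError:
        return 500, "worker crashed: unhandled IndexError"
    return 200, f"{len(positions)} positions computed"


if __name__ == "__main__":
    # Constructed sample: a text-only prompt that carries an image placeholder run.
    injected = [101, 102, IMAGE_PAD, IMAGE_PAD, IMAGE_PAD, 103]
    print("unhardened:", handle_request(injected, hardened=False))
    print("hardened:  ", handle_request(injected))
    print("legit:     ", handle_request(injected, image_grid_thw=[(1, 2, 2)]))
```

The check is deliberately a count comparison in both directions: placeholders without media is the crash described above, while media without placeholders would silently drop an input, and both are client errors worth a 400 rather than anything the worker should try to recover from.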

Fix

Weakness Enumeration

Improper Validation of Array Index

Related Identifiers

CVE-2026-44222
GHSA-HPV8-X276-M59F

Affected Products

Vllm