PT-2026-50144 · PyPI · vLLM

Published: 2026-06-16 · Updated: 2026-06-16 · CVE-2026-48746

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: vLLM versions 0.3.0 through 0.21.0
Description: An authentication bypass exists in the OpenAI-compatible API server's AuthenticationMiddleware because the middleware trusts the URL path reconstructed from the ASGI scope. The `url.path` value comes from a URL object that starlette rebuilds from the request scope, and that reconstruction includes the Host header. Because starlette and ASGI servers such as uvicorn do not reject Host headers containing invalid characters, an attacker can place characters such as `/` or `?` in the Host header and change what the `.path` attribute yields (for example an extra leading `/`, or an empty path when a `?` turns the remainder of the rebuilt URL into a query string). FastAPI and starlette routing match on the raw HTTP path from the scope rather than on the reconstructed `url.path`, so the request is still dispatched to the intended route while the middleware's prefix check no longer sees a path starting with `/v1`. As a result, an attacker can reach routes under `/v1` without a valid `VLLM_API_KEY` or `--api-key` value. Instances deployed behind an RFC-conforming reverse proxy such as nginx are not affected, since such a proxy validates or rewrites the Host header before forwarding the request.
Recommendations: Update to version 0.22.0.
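The following Python block is an added illustration of the mechanism described above; it is not code from this page or from the vLLM project. `reconstructed_path` is a simplified re-implementation of how starlette rebuilds a request URL (scheme + Host header + ASGI path, then re-parsed), written here so the example runs without starlette installed. The hardened check, which gates on the raw ASGI `scope["path"]` that the router also dispatches on, is an assumed fix pattern rather than the project's actual patch; the API key, hostnames and ASGI scopes are constructed test input.

```python
"""Model of the AuthenticationMiddleware path bypass via a malformed Host header."""
from urllib.parse import urlsplit

# Constructed example key; a real deployment reads it from VLLM_API_KEY / --api-key.
API_KEY = "example-api-key"


def header(scope, name):
    """Return the first value of a raw ASGI header (bytes name), or None."""
    for key, value in scope["headers"]:
        if key == name:
            return value.decode("latin-1")
    return None


def reconstructed_path(scope):
    """Simplified model of starlette's Request.url.path (not starlette's code):
    the URL is rebuilt as scheme + "://" + Host + scope["path"] and parsed
    again, so '/' or '?' inside the Host header shifts the netloc/path/query
    boundaries of the re-parsed URL."""
    scheme = scope.get("scheme", "http")
    host = header(scope, b"host")
    url = f"{scheme}://{host}{scope['path']}" if host is not None else scope["path"]
    query = scope.get("query_string", b"")
    if query:
        url += "?" + query.decode("latin-1")
    return urlsplit(url).path


def vulnerable_is_authorized(scope):
    """Flawed pattern: the protected-prefix check is made on the rebuilt url.path."""
    if not reconstructed_path(scope).startswith("/v1"):
        return True  # treated as an unprotected route, no key required
    return header(scope, b"authorization") == f"Bearer {API_KEY}"


def hardened_is_authorized(scope):
    """Assumed fix: check the same raw ASGI path the router dispatches on."""
    if not scope["path"].startswith("/v1"):
        return True
    return header(scope, b"authorization") == f"Bearer {API_KEY}"


def route_matches(scope, pattern="/v1/models"):
    """Routing (FastAPI/starlette) matches on scope["path"], not on url.path."""
    return scope["path"] == pattern


def make_scope(path, host, authorization=None):
    """Build a minimal HTTP ASGI scope (constructed test input)."""
    headers = [(b"host", host.encode("latin-1"))]
    if authorization is not None:
        headers.append((b"authorization", authorization.encode("latin-1")))
    return {"type": "http", "scheme": "http", "path": path,
            "query_string": b"", "headers": headers}


def evaluate(host, authorization=None, path="/v1/models"):
    """Return (rebuilt url.path, vulnerable verdict, hardened verdict, routed?)."""
    scope = make_scope(path, host, authorization)
    return (reconstructed_path(scope),
            vulnerable_is_authorized(scope),
            hardened_is_authorized(scope),
            route_matches(scope, path))


if __name__ == "__main__":
    # A normal Host, then two malformed ones carrying '/' and '?'.
    for host in ("localhost:8000", "localhost/", "localhost?x"):
        print(f"Host: {host:<15} -> {evaluate(host)}")
```

With `Host: localhost/` the rebuilt path becomes `//v1/models`, and with `Host: localhost?x` it becomes empty, so the vulnerable check lets the request through without a key while the router still dispatches it to `/v1/models`; the hardened check denies both. The malformed header has to reach the ASGI server directly, which is why a reverse proxy that validates or rewrites Host closes the path.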

Fix

Weakness Enumeration

HTTP Request/Response Smuggling

Related Identifiers

CVE-2026-48746
GHSA-94F4-HR76-P5J6

Affected Products

vLLM