Add CVE-2026-22778 vLLM Information Disclosure Template

[radraccoon]

Description

Adds nuclei template for CVE-2026-22778 - vLLM information disclosure via PIL exception memory leak.

Details

• CVE: CVE-2026-22778
• CVSS: 9.8 (Critical)
• CWE: CWE-209 (Information exposure through an error message)
• Product: vLLM
• Affected Versions: 0.8.3 through 0.14.0
• Fixed: 0.14.1

Detection Method

Non-destructive two-step API probe:

1. GET /v1/models to retrieve model ID
2. POST malformed base64 image to /v1/chat/completions
3. Match PIL BytesIO memory address leak in error response

Validation

• Validated with a host running a vulnerable version
• Validated with a host running a patched version

References

• GHSA-4r2x-xpjr-7cvv
• https://nvd.nist.gov/vuln/detail/CVE-2026-22778
• https://orca.security/resources/blog/cve-2026-22778-vllm-rce-vulnerability/
• [Frontend] Improve error message vllm-project/vllm#31987
• [Frontend] Standardize use of create_error_response vllm-project/vllm#32319

[radraccoon]

Verification

Tested against mock vLLM API servers (Node.js) simulating both vulnerable and patched responses:

True Positive (vulnerable mock — PIL BytesIO memory leak in error):

[CVE-2026-22778:leaked_address] [http] [critical] http://localhost:8000/v1/chat/completions ["0x7f3a4c2b8f40"]

True Negative (patched mock — generic error without memory address):

No results found.

Template correctly:

• Extracts model ID from /v1/models (step 1)
• Sends malformed image to /v1/chat/completions (step 2)
• Matches PIL BytesIO object at 0x... pattern in error response
• Extracts the leaked heap address
• Stays silent when error message doesn't contain memory address

Validated with nuclei v3.7.0. Pushed verified: true.

[pussycat0x]

Hi @radraccoon, Could you please run Nuclei with the -debug flag and share the debug output?
nuclei -u target -t template.yaml -debug This will help us further validation.