Add CVE-2026-22778 vLLM Information Disclosure Template#15358

Closed
radraccoon wants to merge 3 commits into projectdiscovery:main from epsilon-sh:add-CVE-2026-22778

@radraccoon radraccoon commented Feb 16, 2026

Description

Adds nuclei template for CVE-2026-22778 - vLLM information disclosure via PIL exception memory leak.

Details

  • CVE: CVE-2026-22778
  • CVSS: 9.8 (Critical)
  • CWE: CWE-209 (Information exposure through an error message)
  • Product: vLLM
  • Affected Versions: 0.8.3 through 0.14.0
  • Fixed: 0.14.1

Detection Method

Non-destructive two-step API probe:

  1. GET /v1/models to retrieve model ID
  2. POST malformed base64 image to /v1/chat/completions
  3. Match PIL BytesIO memory address leak in error response

Validation

  • Validated with a host running a vulnerable version
  • Validated with a host running a patched version

References

@pussycat0x added the Status: In Progress label Feb 16, 2026
Tested against mock vLLM servers:
- Vulnerable (PIL BytesIO leak): template fires, extracts 0x address — true positive
- Patched (generic error): template silent — true negative

Validated with nuclei v3.7.0.
@radraccoon
Author

Verification

Tested against mock vLLM API servers (Node.js) simulating both vulnerable and patched responses:

True Positive (vulnerable mock — PIL BytesIO memory leak in error):

[CVE-2026-22778:leaked_address] [http] [critical] http://localhost:8000/v1/chat/completions ["0x7f3a4c2b8f40"]

True Negative (patched mock — generic error without memory address):

No results found.

Template correctly:

  • Extracts model ID from /v1/models (step 1)
  • Sends malformed image to /v1/chat/completions (step 2)
  • Matches PIL BytesIO object at 0x... pattern in error response
  • Extracts the leaked heap address
  • Stays silent when error message doesn't contain memory address

Validated with nuclei v3.7.0. Pushed verified: true.

Separate raw blocks don't share extracted variables in nuclei.
Merged GET /v1/models and POST /v1/chat/completions into one raw
block so {{model_id}} flows correctly. Combined duplicate extractors
keys. Verified: 1 TP + 1 TN against mock servers.
@pussycat0x
Contributor

Hi @radraccoon, could you please run Nuclei with the -debug flag and share the debug output?

nuclei -u target -t template.yaml -debug

This will help us with further validation.

@pussycat0x added the Done label and removed the Status: In Progress label Apr 15, 2026
@pussycat0x
Contributor

Hi @radraccoon, thank you for your interest in contributing. As you mentioned, the template was tested in a mock environment, which may lead to false positives/not suitable for this repo. We also set up a vulnerable environment on our end and tested the template, but it did not behave as expected. Therefore, we are closing this PR for now. Please feel free to open a new PR once you have the necessary data and validations in place.

@pussycat0x closed this Apr 15, 2026
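
The matching step discussed in this thread, as an added Python example that is not part of the pull request or its template: it checks an error body for the `BytesIO object at 0x...` string and strips the address before the body is returned or logged. The JSON error envelope, the sample bodies and all function names are assumptions constructed for illustration.

```python
import json
import re

# Pattern named in the thread: "BytesIO object at 0x...". Group 1 is the address.
BYTESIO_ADDR = re.compile(r"BytesIO object at (0x[0-9a-fA-F]+)")


def error_text(body: str) -> str:
    """Return the error message of a JSON error body, or the raw body if not JSON."""
    try:
        doc = json.loads(body)
    except ValueError:
        return body
    if not isinstance(doc, dict):
        return body
    err = doc.get("error", doc)  # assumed envelope: {"error": {"message": ...}}
    if isinstance(err, dict):
        return str(err.get("message", ""))
    return str(err)


def leaked_addresses(body: str) -> list[str]:
    """Addresses exposed through a BytesIO repr in the error message."""
    return BYTESIO_ADDR.findall(error_text(body))


def redact(body: str) -> str:
    """Drop the address so the body can be returned or logged safely."""
    return BYTESIO_ADDR.sub("BytesIO object", body)


# Constructed sample bodies (not captured from a real server).
VULNERABLE = json.dumps({"error": {
    "message": "cannot identify image file <_io.BytesIO object at 0x7f3a4c2b8f40>",
    "code": 400}})
PATCHED = json.dumps({"error": {"message": "Invalid image data", "code": 400}})
# A hex value alone must not count as a leak: guards against false positives.
NEAR_MISS = json.dumps({"error": {"message": "request 0x1f rejected", "code": 400}})

if __name__ == "__main__":
    for name, body in [("vulnerable", VULNERABLE), ("patched", PATCHED),
                       ("near-miss", NEAR_MISS)]:
        print(name, leaked_addresses(body), redact(body))
```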