CVE-2026-55646 | vllm-project vLLM up to 0.23.x Audio Transcription/Translation /v1/audio/transcriptions request.file.read File unrestricted upload
A vulnerability was found in vllm-project vLLM up to 0.23.x. It has been declared as critical. Affected by this vulnerability is the function request.file.read of the file /v1/audio/transcriptions of the component Audio Transcription/Translation Handler. Such manipulation of the argument File leads to unrestricted upload.
This vulnerability is listed as CVE-2026-55646. The attack may be performed from remote. There is no available exploit.VulDB Recent EntriesRead More