CVE-2026-55574 Overview
CVE-2026-55574 is a denial-of-service vulnerability in vLLM, a high-throughput inference and serving engine for large language models. The flaw resides in the structured_outputs.regex API parameter, which forwards user-supplied regular expression strings to grammar compiler backends without a compilation timeout. Attackers can submit an adversarial regex containing nested quantifiers, triggering exponential state-space expansion that hangs an inference worker indefinitely. Both the xgrammar and outlines backends are affected. The issue is classified under [CWE-1333] Inefficient Regular Expression Complexity and is fixed in vLLM version 0.24.0.
Critical Impact
A single unauthenticated network request containing a malicious regex pattern can hang an inference worker indefinitely, denying service to all downstream LLM consumers.
Affected Products
- vLLM versions prior to 0.24.0
- vLLM xgrammar structured output backend
- vLLM outlines structured output backend
Discovery Timeline
- 2026-07-06 - CVE-2026-55574 published to NVD
- 2026-07-07 - Last updated in NVD database
Technical Details for CVE-2026-55574
Vulnerability Analysis
vLLM exposes a structured_outputs.regex parameter that lets API clients constrain model generation to a user-supplied regular expression. The client-provided regex string is passed directly to the selected grammar compiler backend with no execution or compilation timeout. In the xgrammar backend, the pattern reaches the regex compiler without any guard. In the outlines backend, validation blocks structural issues such as lookarounds and backreferences but performs no complexity analysis. A pattern with nested quantifiers passes all checks and triggers catastrophic backtracking during compilation. Because vLLM workers process requests sequentially per slot, one adversarial regex is sufficient to stall an inference worker and deny service to concurrent tenants.
Root Cause
The root cause is the absence of a compilation timeout and complexity analysis on user-controlled regex input. Nested quantifiers such as (a+)+$ create state-space expansion that grows exponentially with input length, a class of flaw known as Regular Expression Denial of Service (ReDoS).
Attack Vector
An unauthenticated remote attacker sends a single HTTP request to a vLLM inference endpoint with an adversarial regex in the structured_outputs.regex field. Compilation blocks the worker thread, preventing further requests from being processed on that worker until the process is manually restarted.
# Security patch adds a compilation timeout environment variable
# Source: https://github.com/vllm-project/vllm/commit/2b3006076c5e9bc4cda9e03e3641388de3c5c286
VLLM_FLASHINFER_ALLREDUCE_BACKEND: Literal["auto", "trtllm", "mnnvl"] = "auto"
VLLM_FLASHINFER_WORKSPACE_BUFFER_SIZE: int = 394 * 1024 * 1024
VLLM_XGRAMMAR_CACHE_MB: int = 0
+ VLLM_REGEX_COMPILATION_TIMEOUT_S: int = 5
VLLM_MSGPACK_ZERO_COPY_THRESHOLD: int = 256
VLLM_ALLOW_INSECURE_SERIALIZATION: bool = False
VLLM_DISABLE_REQUEST_ID_RANDOMIZATION: bool = False
The fix introduces compile_regex_with_timeout in the outlines backend to enforce the new VLLM_REGEX_COMPILATION_TIMEOUT_S guard. See the GitHub Security Advisory GHSA-rwxx-mrjm-wc2m.
Detection Methods for CVE-2026-55574
Indicators of Compromise
- vLLM worker processes stuck at 100% CPU utilization on a single core for extended periods
- Inference request queues backing up with no completion events emitted from affected workers
- API request payloads containing regex patterns with nested quantifiers such as (a+)+, (.*)+, or (a|a)+
Detection Strategies
- Log all inbound structured_outputs.regex parameter values at the API gateway for offline complexity analysis
- Alert on inference workers that fail to emit token generation telemetry for longer than the expected model latency
- Correlate spikes in per-worker CPU time with the absence of completed requests to identify stalled workers
Monitoring Recommendations
- Instrument the vLLM API layer to record request-to-response latency distributions per endpoint and alert on outliers
- Monitor worker health endpoints and process CPU counters for sustained saturation without throughput
- Ship API access logs and process telemetry to a centralized analytics platform for correlation across the inference fleet
How to Mitigate CVE-2026-55574
Immediate Actions Required
- Upgrade vLLM to version 0.24.0 or later, which enforces a regex compilation timeout by default
- Restrict network access to vLLM inference endpoints so that only authenticated internal services can submit structured_outputs.regex requests
- Review recent API logs for suspicious regex patterns containing nested quantifiers and identify affected worker processes for restart
Patch Information
The fix is available in vLLM 0.24.0 via pull request #45118 and commit 2b30060. The patch adds a VLLM_REGEX_COMPILATION_TIMEOUT_S environment variable defaulting to 5 seconds and introduces a compile_regex_with_timeout helper in the outlines backend.
Workarounds
- Deploy an API gateway or reverse proxy that rejects requests whose structured_outputs.regex values exceed a reasonable length or contain nested quantifier patterns
- Enforce short per-request timeouts at the load balancer to terminate connections that exceed expected inference latency
- Disable the structured_outputs.regex feature entirely if it is not required by your workloads
# Set the regex compilation timeout after upgrading to vLLM 0.24.0+
export VLLM_REGEX_COMPILATION_TIMEOUT_S=5
# Launch vLLM with the timeout guard active
python -m vllm.entrypoints.openai.api_server \
--model your-model-name \
--host 0.0.0.0 \
--port 8000
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

