Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-55574

CVE-2026-55574: Vllm Vllm DoS Vulnerability

CVE-2026-55574 is a denial of service vulnerability in Vllm Vllm that allows attackers to hang inference workers indefinitely through adversarial regex patterns. This article covers technical details, affected versions, and mitigation.

Published:

CVE-2026-55574 Overview

CVE-2026-55574 is a denial-of-service vulnerability in vLLM, a high-throughput inference and serving engine for large language models. The flaw resides in the structured_outputs.regex API parameter, which forwards user-supplied regular expression strings to grammar compiler backends without a compilation timeout. Attackers can submit an adversarial regex containing nested quantifiers, triggering exponential state-space expansion that hangs an inference worker indefinitely. Both the xgrammar and outlines backends are affected. The issue is classified under [CWE-1333] Inefficient Regular Expression Complexity and is fixed in vLLM version 0.24.0.

Critical Impact

A single unauthenticated network request containing a malicious regex pattern can hang an inference worker indefinitely, denying service to all downstream LLM consumers.

Affected Products

  • vLLM versions prior to 0.24.0
  • vLLM xgrammar structured output backend
  • vLLM outlines structured output backend

Discovery Timeline

  • 2026-07-06 - CVE-2026-55574 published to NVD
  • 2026-07-07 - Last updated in NVD database

Technical Details for CVE-2026-55574

Vulnerability Analysis

vLLM exposes a structured_outputs.regex parameter that lets API clients constrain model generation to a user-supplied regular expression. The client-provided regex string is passed directly to the selected grammar compiler backend with no execution or compilation timeout. In the xgrammar backend, the pattern reaches the regex compiler without any guard. In the outlines backend, validation blocks structural issues such as lookarounds and backreferences but performs no complexity analysis. A pattern with nested quantifiers passes all checks and triggers catastrophic backtracking during compilation. Because vLLM workers process requests sequentially per slot, one adversarial regex is sufficient to stall an inference worker and deny service to concurrent tenants.

Root Cause

The root cause is the absence of a compilation timeout and complexity analysis on user-controlled regex input. Nested quantifiers such as (a+)+$ create state-space expansion that grows exponentially with input length, a class of flaw known as Regular Expression Denial of Service (ReDoS).

Attack Vector

An unauthenticated remote attacker sends a single HTTP request to a vLLM inference endpoint with an adversarial regex in the structured_outputs.regex field. Compilation blocks the worker thread, preventing further requests from being processed on that worker until the process is manually restarted.

python
# Security patch adds a compilation timeout environment variable
# Source: https://github.com/vllm-project/vllm/commit/2b3006076c5e9bc4cda9e03e3641388de3c5c286
     VLLM_FLASHINFER_ALLREDUCE_BACKEND: Literal["auto", "trtllm", "mnnvl"] = "auto"
     VLLM_FLASHINFER_WORKSPACE_BUFFER_SIZE: int = 394 * 1024 * 1024
     VLLM_XGRAMMAR_CACHE_MB: int = 0
+    VLLM_REGEX_COMPILATION_TIMEOUT_S: int = 5
     VLLM_MSGPACK_ZERO_COPY_THRESHOLD: int = 256
     VLLM_ALLOW_INSECURE_SERIALIZATION: bool = False
     VLLM_DISABLE_REQUEST_ID_RANDOMIZATION: bool = False

The fix introduces compile_regex_with_timeout in the outlines backend to enforce the new VLLM_REGEX_COMPILATION_TIMEOUT_S guard. See the GitHub Security Advisory GHSA-rwxx-mrjm-wc2m.

Detection Methods for CVE-2026-55574

Indicators of Compromise

  • vLLM worker processes stuck at 100% CPU utilization on a single core for extended periods
  • Inference request queues backing up with no completion events emitted from affected workers
  • API request payloads containing regex patterns with nested quantifiers such as (a+)+, (.*)+, or (a|a)+

Detection Strategies

  • Log all inbound structured_outputs.regex parameter values at the API gateway for offline complexity analysis
  • Alert on inference workers that fail to emit token generation telemetry for longer than the expected model latency
  • Correlate spikes in per-worker CPU time with the absence of completed requests to identify stalled workers

Monitoring Recommendations

  • Instrument the vLLM API layer to record request-to-response latency distributions per endpoint and alert on outliers
  • Monitor worker health endpoints and process CPU counters for sustained saturation without throughput
  • Ship API access logs and process telemetry to a centralized analytics platform for correlation across the inference fleet

How to Mitigate CVE-2026-55574

Immediate Actions Required

  • Upgrade vLLM to version 0.24.0 or later, which enforces a regex compilation timeout by default
  • Restrict network access to vLLM inference endpoints so that only authenticated internal services can submit structured_outputs.regex requests
  • Review recent API logs for suspicious regex patterns containing nested quantifiers and identify affected worker processes for restart

Patch Information

The fix is available in vLLM 0.24.0 via pull request #45118 and commit 2b30060. The patch adds a VLLM_REGEX_COMPILATION_TIMEOUT_S environment variable defaulting to 5 seconds and introduces a compile_regex_with_timeout helper in the outlines backend.

Workarounds

  • Deploy an API gateway or reverse proxy that rejects requests whose structured_outputs.regex values exceed a reasonable length or contain nested quantifier patterns
  • Enforce short per-request timeouts at the load balancer to terminate connections that exceed expected inference latency
  • Disable the structured_outputs.regex feature entirely if it is not required by your workloads
bash
# Set the regex compilation timeout after upgrading to vLLM 0.24.0+
export VLLM_REGEX_COMPILATION_TIMEOUT_S=5

# Launch vLLM with the timeout guard active
python -m vllm.entrypoints.openai.api_server \
    --model your-model-name \
    --host 0.0.0.0 \
    --port 8000

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.