CVE-2026-4944 HIGH

CVE-2026-4944: Hardcoded trust_remote_code=True in vllm-project/vllm Bypasses User Security Control

Vendor Vllm-Project
Product vllm-project/vllm
Weakness CWE-22 · Path traversal
Published May 28, 2026
Last update May 28, 2026

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High
Availability High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

Description

vllm-project/vllm version 0.14.1 contains a vulnerability where `trust_remote_code=True` is hardcoded in two model implementation files (`vllm/model_executor/models/nemotron_vl.py` and `vllm/model_executor/models/kimi_k25.py`). These call sites ignore the operator's explicit `--trust-remote-code=False` setting, so loading a malicious HuggingFace model repository can execute attacker-supplied Python in the vLLM process. The issue exists because the fixes for CVE-2025-66448 and CVE-2026-22807 were incomplete: they did not cover these separate code paths in the model implementation files. Deployments that load NemotronVL or KimiK25 models are particularly affected.

Key dates

Disclosure timeline

May 28, 2026 CVE published
May 28, 2026 Record updated