Ghostwire

CVE-2026-53923: vLLM: GGUF dequantize kernel int truncation exposes uninitialized GPU memory in multi-tenant serving

MEDIUM CVSS 0.0 Exploit Available

Published: June 17, 2026 | Last Modified: June 17, 2026

Description

vLLM: GGUF dequantize kernel int truncation exposes uninitialized GPU memory in multi-tenant serving

Ghostwire Analysis — What This Means Practically

Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

References

github.com/vllm-project/vllm/security/advisories/GHSA-5jv2-g5wq-cmr4
github.com/vllm-project/vllm/pull/44971
github.com/vllm-project/vllm/commit/f219788f91952827132fa4fdf916427cd20d225e
github.com/advisories/GHSA-5jv2-g5wq-cmr4
www.tenable.com/cve/CVE-2026-53923
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-53923