Ò»¡¢Îó²î¸ÅÊö
Îó²îÃû³Æ | vLLM auto_map ¶¯Ì¬Ä£¿£¿£¿éÔ¶³Ì´úÂëÖ´ÐÐÎó²î |
CVE ID | CVE-2026-22807 |
Îó²îÀàÐÍ | RCE | ·¢Ã÷ʱ¼ä | 2026-01-22 |
Îó²îÆÀ·Ö | 8.8 | Îó²îÆ·¼¶ | ¸ßΣ |
¹¥»÷ÏòÁ¿ | ÍøÂç | ËùÐèȨÏÞ | ÎÞ |
ʹÓÃÄÑ¶È | µÍ | Óû§½»»¥ | ÐèÒª |
PoC/EXP | δ¹ûÕæ | ÔÚҰʹÓà | δ·¢Ã÷ |
vLLMÊÇÒ»¸ö¸ßÐÔÄܵĴóÄ£×ÓÍÆÀí¿ò¼Ü£¬£¬£¬£¬£¬£¬×¨Îª´ó¹æÄ£ÓïÑÔÄ£×ӵĸßÍÌÍÂÁ¿¡¢µÍÑÓ³Ù°²ÅŶøÉè¼Æ¡£¡£¡£¡£Æä½¹µãÌØÕ÷°üÀ¨PagedAttention¸ßЧÄÚ´æÖÎÀí¡¢²¢Ðл¯µ÷ÀíÓÅ»¯ÒÔ¼°¶Ô¶àGPU¡¢ÂþÑÜʽÇéÐεÄÓÅÒìÖ§³Ö¡£¡£¡£¡£vLLM¼æÈÝHugging Face½Ó¿Ú£¬£¬£¬£¬£¬£¬±ãÓÚÄ£×Ó¿ìËÙ¼ÓÔØÓ뼯³É£¬£¬£¬£¬£¬£¬ÆÕ±éÓÃÓÚÍÆÀíЧÀÍ¡¢AIÓ¦Óúó¶ËÓëÉú²ú¼¶Ä£×Ó°²Åų¡¾°¡£¡£¡£¡£
2026Äê1ÔÂ22ÈÕ£¬£¬£¬£¬£¬£¬ÈËÉú¾ÍÊDz©¼¯ÍÅVSRC¼à²âµ½vLLMÔÚÄ£×Ó³õʼ»¯½×¶Î±£´æµÄÒ»ÏîÔ¶³Ì´úÂëÖ´ÐÐÎó²î¡£¡£¡£¡£¸ÃÎó²îÔ´ÓÚvLLMÔÚÆÊÎöÄ£×ÓÉèÖÃʱ£¬£¬£¬£¬£¬£¬ÎÞÌõ¼þ¼ÓÔØHugging FaceÄ£×ÓÖеÄauto_map¶¯Ì¬Ä£¿£¿£¿é£¬£¬£¬£¬£¬£¬ÇÒδ¶Ôtrust_remote_codeÑ¡Ïî¾ÙÐÐÓÐÓÃУÑé¡£¡£¡£¡£¹¥»÷ÕßÒ»µ©Äܹ»¿ØÖÆÄ£×Ó¿Íջ·¾¶£¨ÍâµØÄ¿Â¼»òÔ¶³Ì¿ÍÕ»£©£¬£¬£¬£¬£¬£¬¼´¿ÉÔÚÄ£×Ó¼ÓÔØÀú³ÌÖÐ×¢Èë²¢Ö´ÐÐí§ÒâPython´úÂë¡£¡£¡£¡£¸ÃÐÐΪ±¬·¢ÔÚЧÀÍÆô¶¯½×¶Î£¬£¬£¬£¬£¬£¬ÇëÇó´¦Öóͷ£Ö®Ç°£¬£¬£¬£¬£¬£¬ÎÞÐèÈκνӿڻá¼ûȨÏÞ£¬£¬£¬£¬£¬£¬Î£º¦½Ï¸ß£¬£¬£¬£¬£¬£¬¿ÉÄÜÖ±½Óµ¼ÖÂËÞÖ÷ϵͳ±»ÍêÈ«¿ØÖÆ¡£¡£¡£¡£
¶þ¡¢Ó°Ïì¹æÄ£
0.10.1 <= vLLM < 0.14.0¡£¡£¡£¡£
Èý¡¢Çå¾²²½·¥
3.1 Éý¼¶°æ±¾
¹Ù·½ÒÑÐû²¼ÐÞ¸´°æ±¾£¬£¬£¬£¬£¬£¬½¨ÒéÓû§Éý¼¶
ÏÂÔØÁ´½Ó£ºhttps://github.com/vllm-project/vllm/releases/
3.2 ÔÝʱ²½·¥
ÔÝÎÞ¡£¡£¡£¡£
3.3 ͨÓý¨Òé
? °´ÆÚ¸üÐÂϵͳ²¹¶¡£¬£¬£¬£¬£¬£¬ïÔÌϵͳÎó²î£¬£¬£¬£¬£¬£¬ÌáÉýЧÀÍÆ÷µÄÇå¾²ÐÔ¡£¡£¡£¡£? ÔöǿϵͳºÍÍøÂçµÄ»á¼û¿ØÖÆ£¬£¬£¬£¬£¬£¬Ð޸ķÀ»ðǽսÂÔ£¬£¬£¬£¬£¬£¬¹Ø±Õ·ÇÐëÒªµÄÓ¦Óö˿ڻòЧÀÍ£¬£¬£¬£¬£¬£¬ïÔ̽«Î£ÏÕЧÀÍ£¨ÈçSSH¡¢RDPµÈ£©Ì»Â¶µ½¹«Íø£¬£¬£¬£¬£¬£¬ïÔ̹¥»÷Ãæ¡£¡£¡£¡£? ʹÓÃÆóÒµ¼¶Çå¾²²úÆ·£¬£¬£¬£¬£¬£¬ÌáÉýÆóÒµµÄÍøÂçÇå¾²ÐÔÄÜ¡£¡£¡£¡£? ÔöǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬£¬£¬£¬£¬£¬ÆôÓöàÒòËØÈÏÖ¤»úÖÆºÍ×îСȨÏÞÔÔò£¬£¬£¬£¬£¬£¬Óû§ºÍÈí¼þȨÏÞÓ¦¼á³ÖÔÚ×îµÍÏÞ¶È¡£¡£¡£¡£? ÆôÓÃÇ¿ÃÜÂëÕ½ÂÔ²¢ÉèÖÃΪ°´ÆÚÐ޸ġ£¡£¡£¡£
3.4 ²Î¿¼Á´½Ó
https://nvd.nist.gov/vuln/detail/CVE-2026-22807https://github.com/vllm-project/vllm/security/advisories/GHSA-2pc9-4j83-qjmr