vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out

Description

A vulnerability, classified as critical, has been found in vllm up to 0.17.x affecting the trust_remote_code function of the Model Handler component, leading to protection mechanism failure.

Affected Products

Vendor	Product	Versions
vllm-project	vllm	>= 0.10.1, < 0.18.0, 0.17.x

References

https://github.com/vllm-project/vllm/security/advisories/GHSA-7972-pg2x-xr59(x_refsource_CONFIRM)
https://github.com/vllm-project/vllm/pull/36192(x_refsource_MISC)
https://github.com/vllm-project/vllm/commit/00bd08edeee5dd4d4c13277c0114a464011acf72(x_refsource_MISC)

Related News (2 articles)

Tier B

BSI Advisories2h ago

[NEU] [hoch] vllm: Schwachstelle ermöglicht Codeausführung

→ No new info (linked only)

Tier C

VulDB6h ago

CVE-2026-27893 | vllm up to 0.17.x Model trust_remote_code protection mechanism (GHSA-7972-pg2x-xr59)

→ No new info (linked only)

CVSS 3.18.8 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-693

Published3/26/2026

Last enriched4h agov3

Trending Score61

Source articles2

Independent2

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Version History

Last enriched 4h ago

v3Tier C4h ago

Updated description with new details about the Model Handler component and clarified that no exploit is available.

description

via VulDB

v2Tier C6h ago

Updated severity to CRITICAL, marked as actively exploited, and specified patch version 0.18.0.

severityactivelyExploitedpatchAvailableaffectedVersions

via VulDB

v112h ago

Initial creation