vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.18.0, two model implementation files…

vLLM, an inference and serving engine for large language models, contains a critical vulnerability in versions 0.10.1 through 0.17.x. The vulnerability stems from two model implementation files that hardcode trust_remote_code=True when loading sub-components, bypassing user security settings that explicitly disable remote code trust via --trust-remote-code=False. This security bypass enables remote code execution attacks through malicious model repositories, even when users have explicitly opted out of trusting remote code. The vulnerability affects the core security model of vLLM by ignoring user-specified security preferences. Version 0.18.0 contains patches that address this issue by properly respecting the user's trust_remote_code configuration.