
[Frontend] Require flag for loading text and image embeds#27204

Merged
DarkLight1337 merged 18 commits into main from vllm-ghsa-pmqf-x6x8-p7qw
Oct 22, 2025

@russellb russellb commented Oct 20, 2025

Signed-off-by: DarkLight1337 <tlleungac@connect.ust.hk>
Signed-off-by: DarkLight1337 <tlleungac@connect.ust.hk>
Signed-off-by: DarkLight1337 <tlleungac@connect.ust.hk>
Signed-off-by: DarkLight1337 <tlleungac@connect.ust.hk>
…is not passed

Signed-off-by: DarkLight1337 <tlleungac@connect.ust.hk>

mergify bot commented Oct 20, 2025

Documentation preview: https://vllm--27204.org.readthedocs.build/en/27204/

mergify bot added the documentation, frontend, multi-modality and qwen labels Oct 20, 2025
@russellb
Member Author

Already approved by @Isotr0py and @ywang96

Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request addresses security vulnerabilities GHSA-mrw7-hf4f-83pf and GHSA-pmqf-x6x8-p7qw by introducing --enable-prompt-embeds and --enable-mm-embeds flags. These flags gate the functionality of loading user-provided text and multimodal embeddings, which can be a security risk. The changes are well-implemented across the configuration, core logic, and entrypoints, with checks to ensure the flags are respected. The documentation has been updated with clear warnings, and new tests have been added to verify the behavior. The implementation appears correct and robust. I have not found any issues in this pull request.

DarkLight1337 and others added 8 commits October 21, 2025 14:25
Signed-off-by: DarkLight1337 <tlleungac@connect.ust.hk>
Signed-off-by: Russell Bryant <rbryant@redhat.com>
Signed-off-by: DarkLight1337 <tlleungac@connect.ust.hk>
Signed-off-by: DarkLight1337 <tlleungac@connect.ust.hk>
@DarkLight1337 DarkLight1337 merged commit 58fab50 into main Oct 22, 2025
57 checks passed
@DarkLight1337 DarkLight1337 deleted the vllm-ghsa-pmqf-x6x8-p7qw branch October 22, 2025 15:52
`prompt_embeds` key.

WARNING: The vLLM engine may crash if incorrect shape of embeddings is passed.
Only enable this flag for trusted users!"""
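
Review bot: The WARNING in this docstring says the engine may crash when an "incorrect shape of embeddings" is passed but never says what the correct shape is, so an operator deciding whether to enable the flag cannot tell which inputs are dangerous. Consider stating the expected shape next to the warning and rewording it to "if embeddings with an incorrect shape are passed".
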
Contributor

Should a shape check be added to the renderer?

Member

@DarkLight1337 DarkLight1337 Oct 23, 2025

The shape depends on the embedding size of each model so it requires a lot more effort to perform shape validation outside of the model class.

usberkeley pushed a commit to usberkeley/vllm that referenced this pull request Oct 23, 2025
…ct#27204)

Signed-off-by: DarkLight1337 <tlleungac@connect.ust.hk>
Co-authored-by: DarkLight1337 <tlleungac@connect.ust.hk>
0xrushi pushed a commit to 0xrushi/vllm that referenced this pull request Oct 26, 2025
…ct#27204)

Signed-off-by: DarkLight1337 <tlleungac@connect.ust.hk>
Co-authored-by: DarkLight1337 <tlleungac@connect.ust.hk>
Signed-off-by: 0xrushi <6279035+0xrushi@users.noreply.github.com>
ilmarkov pushed a commit to neuralmagic/vllm that referenced this pull request Nov 7, 2025
…ct#27204)

Signed-off-by: DarkLight1337 <tlleungac@connect.ust.hk>
Co-authored-by: DarkLight1337 <tlleungac@connect.ust.hk>
rtourgeman pushed a commit to rtourgeman/vllm that referenced this pull request Nov 10, 2025
…ct#27204)

Signed-off-by: DarkLight1337 <tlleungac@connect.ust.hk>
Co-authored-by: DarkLight1337 <tlleungac@connect.ust.hk>
devpatelio pushed a commit to SumanthRH/vllm that referenced this pull request Nov 29, 2025
…ct#27204)

Signed-off-by: DarkLight1337 <tlleungac@connect.ust.hk>
Co-authored-by: DarkLight1337 <tlleungac@connect.ust.hk>
npanpaliya pushed a commit to odh-on-pz/vllm-cpu that referenced this pull request Dec 9, 2025
…ct/vllm#27204)

Signed-off-by: DarkLight1337 <tlleungac@connect.ust.hk>
Co-authored-by: DarkLight1337 <tlleungac@connect.ust.hk>

vllm-project/vllm#27204
npanpaliya pushed a commit to odh-on-pz/vllm-cpu that referenced this pull request Dec 9, 2025
- vllm-project/vllm#25896
- vllm-project/vllm#27205
- vllm-project/vllm#27204
- vllm-project/vllm#27431
- chat_utils: fix resolve_chat_template_kwargs duplication
- vllm-project/vllm#27556
- vllm-project/vllm#25996
- requirements/rocm.txt: pin triton==3.3.0 (from build requirements)
- Dockerfile*.ubi: bump base image tag to 9.6-1760340988
- Dockerfile*.ubi: pre-download tiktoken tokenizers (o200k_base)
(https://issues.redhat.com/browse/INFERENG-2959)
- Dockerfile.ubi: add missing `cuda-cudart-devel` package, required for
deepgeemm JITs
- vllm-project/vllm#25999
- vllm-project/vllm#26416

Related: neuralmagic/nm-cicd#313
agrabow pushed a commit to agrabow/vllm-fork that referenced this pull request Dec 16, 2025
…ct#27204)

Signed-off-by: DarkLight1337 <tlleungac@connect.ust.hk>
Co-authored-by: DarkLight1337 <tlleungac@connect.ust.hk>
(cherry picked from commit 58fab50)

Signed-off-by: Adam Grabowski <adam.grabowski@intel.com>
agrabow pushed a commit to agrabow/vllm-fork that referenced this pull request Dec 16, 2025
…ct#27204)

Signed-off-by: DarkLight1337 <tlleungac@connect.ust.hk>
Co-authored-by: DarkLight1337 <tlleungac@connect.ust.hk>
(cherry picked from commit 58fab50)

Signed-off-by: Adam Grabowski <adam.grabowski@intel.com>
(cherry picked from commit 922b1d6)
silverjam pushed a commit to YurtsAI/yurts-vllm that referenced this pull request Jan 24, 2026
…beddings

Port security fix from upstream PR vllm-project#27204 to address DoS vulnerability where
users can crash the vLLM engine by passing multimodal embedding inputs with
incorrect shapes.

Security improvements:
- Add --enable-mm-embeds flag requiring explicit opt-in for embedding inputs
- Add validation in chat_utils to reject embeddings when flag not set
- Add validation in multimodal processing layer
- Update enable_prompt_embeds documentation with security warnings
- Secure by default (flag defaults to False)

The fix prevents DoS attacks by requiring explicit authorization before
accepting potentially malformed embedding inputs. Only trusted users should
enable this feature.

Changes:
- vllm/config/__init__.py: Add enable_mm_embeds field and security warnings
- vllm/entrypoints/chat_utils.py: Add validation in sync/async parsers
- vllm/multimodal/processing.py: Add validation for embedding item types
- vllm/engine/arg_utils.py: Add --enable-mm-embeds CLI argument
- vllm/entrypoints/llm.py: Add enable_mm_embeds API parameter
- test_cve_2025_62372.py: Add comprehensive security validation tests
- CVE-2025-62372-IMPLEMENTATION-SUMMARY.md: Implementation documentation

References:
- CVE-2025-62372
- GHSA-pmqf-x6x8-p7qw
- Upstream PR vllm-project#27204
- Upstream commit 58fab50
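
The opt-in gate and the malformed-shape failure mode discussed in this thread, as an added example that is not vLLM's code and not part of this PR: a front-end check that refuses embedding inputs unless the matching flag is set, then validates shape and values against an assumed model width. `FrontendPolicy`, `check_embeds`, `EmbedsRejected`, `hidden_size` and `max_tokens` are hypothetical names; only the two flag names come from the page.

```python
import math
from dataclasses import dataclass


class EmbedsRejected(ValueError):
    """Raised when an embedding input is refused before reaching the engine."""


@dataclass(frozen=True)
class FrontendPolicy:
    # Hypothetical stand-in for the server config; both gates default to off.
    enable_prompt_embeds: bool = False
    enable_mm_embeds: bool = False
    hidden_size: int = 4096   # assumed embedding width of the loaded model
    max_tokens: int = 8192    # assumed per-request cap on embedding rows


def check_embeds(policy, kind, embeds):
    """Return (rows, cols) if `embeds` may be forwarded, else raise EmbedsRejected.

    kind   -- "prompt" or "mm" (hypothetical labels for the two input paths)
    embeds -- nested list of floats, already decoded by a safe deserializer
    """
    gates = {"prompt": policy.enable_prompt_embeds, "mm": policy.enable_mm_embeds}
    if kind not in gates:
        raise EmbedsRejected(f"unknown embedding kind: {kind!r}")
    # Gate first: with the flag off, untrusted data is not inspected any further.
    if not gates[kind]:
        raise EmbedsRejected(f"{kind} embeddings are disabled on this server")
    if not isinstance(embeds, list) or not embeds:
        raise EmbedsRejected("embeddings must be a non-empty 2-D list")
    if len(embeds) > policy.max_tokens:
        raise EmbedsRejected("too many embedding rows")
    for row in embeds:
        # Every row must match the model width, otherwise the engine sees a bad shape.
        if not isinstance(row, list) or len(row) != policy.hidden_size:
            raise EmbedsRejected(f"each row must have {policy.hidden_size} values")
        if not all(isinstance(v, float) and math.isfinite(v) for v in row):
            raise EmbedsRejected("embedding values must be finite floats")
    return len(embeds), policy.hidden_size
```

The shape check only works here because the policy object is told the model width up front, which is the dependency the maintainer's reply points to.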