vllm - 💡(How to fix) Fix CVE-2026-22807 fix not on releases/v0.11.0 — try_get_class_from_dynamic_module unguarded [1 participants]

vllm-project/vllm#41157 · Fetched 2026-04-29 06:11:57 · Comments: 0 · Participants: 1

Upstream commit 78d13ea9 — the CVE-2026-22807 fix — adds:

resolve_trust_remote_code(
    trust_remote_code,
    pretrained_model_name_or_path,
    has_local_code=False,
    has_remote_code=True,
)

into vllm/transformers_utils/dynamic_module.py::try_get_class_from_dynamic_module(), plus threads trust_remote_code=model_config.trust_remote_code into both get_class_from_dynamic_module callers inside _try_resolve_transformers() (vllm/model_executor/models/registry.py). On releases/v0.11.0 neither change is in: the helper has no such parameter and the registry call sites pass through unchanged. Net result — the transformers-backend custom-code path is loadable without honoring the --trust-remote-code gate. Glad to send a cherry-pick if releases/v0.11.0 is still receiving security fixes.


Analysis

TL;DR

The bug can be fixed by backporting the CVE-2026-22807 fix from the upstream commit to the releases/v0.11.0 branch.

Guidance

  • Identify the changes made in the upstream commit 78d13ea9 and apply them to the releases/v0.11.0 branch.
  • Verify that the trust_remote_code parameter is being honored in the try_get_class_from_dynamic_module function.
  • Test the custom-code path with the --trust-remote-code gate to ensure it is loadable only when the gate is enabled.
  • Consider cherry-picking the fix from the upstream commit to the releases/v0.11.0 branch.
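The following is an added example, not code from vLLM, transformers or the issue author, illustrating the two verification steps above. It contains a simplified reimplementation of the trust_remote_code gate (modelled on the intent of transformers' resolve_trust_remote_code, not its actual code), an unguarded loader in the shape the issue attributes to releases/v0.11.0 beside a guarded one in the shape of the fix, and an AST audit that flags call sites of the dynamic-module loaders which omit a trust_remote_code keyword. The registry snippet it audits is constructed for this example and is not the real vllm/model_executor/models/registry.py.

```python
"""Added example: model of the trust_remote_code gate plus a call-site audit.

Nothing here is vLLM's or transformers' own code; names and the audited
source are constructed for illustration.
"""
import ast
from dataclasses import dataclass
from typing import List, Optional


class RemoteCodeNotTrusted(Exception):
    """Raised when custom (remote) model code would load without an explicit opt-in."""


def resolve_trust_remote_code(trust_remote_code, model_name, has_local_code, has_remote_code):
    """Simplified reimplementation of the gate (assumption: mirrors intent, not transformers' code).

    Code that exists only remotely may be imported only if the caller opted in.
    """
    if has_remote_code and not has_local_code and not trust_remote_code:
        raise RemoteCodeNotTrusted(
            f"{model_name} requires custom code; pass trust_remote_code=True to allow it"
        )
    return bool(trust_remote_code)


def load_custom_class_unguarded(model_name, has_remote_code=True):
    """Shape the issue describes for releases/v0.11.0: no gate, the custom path always loads."""
    return f"loaded custom class for {model_name}"


def load_custom_class_guarded(model_name, trust_remote_code, has_remote_code=True):
    """Shape after the fix: the gate runs before any custom code would be imported."""
    resolve_trust_remote_code(
        trust_remote_code, model_name, has_local_code=False, has_remote_code=has_remote_code
    )
    return f"loaded custom class for {model_name}"


def gate_rejects(model_name, trust_remote_code) -> bool:
    """True if the guarded loader refuses this model under the given flag."""
    try:
        load_custom_class_guarded(model_name, trust_remote_code)
    except RemoteCodeNotTrusted:
        return True
    return False


# Loaders whose call sites should thread trust_remote_code= through (from the issue text).
GATED_CALLEES = {"get_class_from_dynamic_module", "try_get_class_from_dynamic_module"}


@dataclass
class Finding:
    lineno: int
    callee: str


def _callee_name(node: ast.Call) -> Optional[str]:
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return None


def audit_call_sites(source: str) -> List[Finding]:
    """Return call sites of the gated loaders that pass no trust_remote_code keyword."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and _callee_name(node) in GATED_CALLEES:
            keywords = {kw.arg for kw in node.keywords}  # kw.arg is None for **kwargs
            if "trust_remote_code" not in keywords:
                findings.append(Finding(node.lineno, _callee_name(node)))
    return sorted(findings, key=lambda f: f.lineno)


# Constructed registry snippet: one unguarded and one guarded call site.
SAMPLE_REGISTRY = '''
def _try_resolve_transformers(model_config, class_ref):
    # unguarded call (constructed, v0.11.0-like shape)
    cls = get_class_from_dynamic_module(class_ref, model_config.model)
    # guarded call (constructed, fixed shape)
    cls2 = get_class_from_dynamic_module(
        class_ref, model_config.model,
        trust_remote_code=model_config.trust_remote_code,
    )
    return cls, cls2
'''

if __name__ == "__main__":
    for finding in audit_call_sites(SAMPLE_REGISTRY):
        print(f"line {finding.lineno}: {finding.callee}() called without trust_remote_code=")
    print("guarded loader rejects without opt-in:", gate_rejects("org/custom-model", False))
```

Pointing audit_call_sites at the real registry and dynamic_module files on a release branch gives a quick check of whether the backport reached every caller; the gate model shows the behaviour the fixed path is expected to have.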

Example

No code example is provided as the issue is related to a specific commit and branch.

Notes

The fix is specific to the releases/v0.11.0 branch and may not apply to other branches or versions.

Recommendation

Apply the fix by backporting the CVE-2026-22807 change to the releases/v0.11.0 branch; the issue is a security vulnerability and should be addressed promptly.
