← Back

CVE-2024-11041

nvd nist
Published: Mar 20, 2025Modified: Jun 17, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: security@huntr.dev (Secondary)

Description

vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue() API function. The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by sending a malicious payload to the MessageQueue, causing the victim's machine to execute arbitrary code.

Affected (1)

Products: Vllm: Vllm
1 product
Vllm
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Version 0.6.2

References (1)

Source: security@huntr.dev
ExploitThird Party Advisory

Timeline

No history available yet.