{"vulnerability": "CVE-2026-5497", "sightings": [{"uuid": "5785a5ca-3b82-4ce0-b27a-c3c321eefe66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-5497", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116731007914371430", "content": "\u26a0\ufe0f CVE-2026-5497: HIGH severity DoS vuln in vLLM (v0.8.0+). Unauthenticated attackers can trigger OOM via crafted video/jpeg data URLs on the chat completions API. Limit request size & monitor! https://radar.offseq.com/threat/cve-2026-5497-cwe-400-uncontrolled-resource-consum-fdc34d07 #OffSeq #vllm #DoS #infosec", "creation_timestamp": "2026-06-11T10:30:27.938856Z"}, {"uuid": "688d8756-529c-4b07-9327-bc68448c4c3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-5497", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mnyzgozul62l", "content": "vLLM (v0.8.0+) faces a HIGH risk DoS (CVE-2026-5497): attackers can crash servers via unbounded base64 frames in the API. Limit input, monitor API traffic. https://radar.offseq.com/threat/cve-2026-5497-cwe-400-uncontrolled-resource-consum-fdc34d07 #OffSeq #vllm #security", "creation_timestamp": "2026-06-11T10:30:30.234517Z"}, {"uuid": "5bdd711c-e335-4bed-bfd5-5c2f6f5419c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5497", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnz35dj3xz2i", "content": "\ud83d\udfe0 CVE-2026-5497 - High (7.5)\n\nvLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) at...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-5497/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-11T11:01:03.109720Z"}]}