dCERT Flags vLLM Flaws and Spring Security Authentication Bypass
dCERT published two security advisories covering separate software risks: multiple vulnerabilities in vllm and a VMware Tanzu Spring Security flaw that can bypass security measures. The vllm advisory identifies more than one issue affecting the large language model serving software, while the Spring Security advisory warns that affected deployments may allow protections to be circumvented.
The notices indicate that organizations using either product should review the relevant dCERT advisories, determine exposure in their environments, and prioritize remediation. The Spring Security issue is especially significant for internet-facing or authentication-dependent applications because a bypass in security controls can undermine access restrictions, while the vllm findings raise concern for AI infrastructure operators running vulnerable versions in production or shared environments.
How this story unfolded
8 events from the earliest known activity through the most recent confirmed update.
dCERT publishes vLLM multiple vulnerabilities advisory
dCERT published Advisory 2026-0194 for vLLM, identifying multiple vulnerabilities in the software. No additional technical details or remediation timeline are provided in the reference.
dCERT publishes VMware Tanzu Spring Security advisory
dCERT published Advisory 2026-0783 for VMware Tanzu Spring Security, describing a vulnerability that allows bypassing security measures. The reference does not include further details on exploitation or patch availability.
dCERT publishes vLLM code execution vulnerability advisory
dCERT published Advisory 2026-0869 for vLLM describing a vulnerability that allows code execution. The reference does not provide additional technical details or remediation information.
dCERT publishes vLLM multiple vulnerabilities advisory
dCERT published Advisory 2026-0966 for vLLM identifying multiple vulnerabilities. The reference provides no additional technical details, exploitation information, or remediation timeline.
dCERT publishes VMware Tanzu Spring Security multiple vulnerabilities advisory
dCERT published Advisory 2026-1199 for VMware Tanzu Spring Security identifying multiple vulnerabilities. The reference does not provide additional technical details, exploitation information, or remediation timeline.
dCERT publishes vLLM file manipulation vulnerability advisory
dCERT published Advisory 2026-1267 for vLLM, describing a KV Block Handler vulnerability that allows manipulation of files. The reference does not provide additional technical details, exploitation information, or remediation timeline.
dCERT publishes vLLM denial-of-service vulnerability advisory
dCERT published Advisory 2026-1279 for vLLM describing a vulnerability that allows denial of service. The reference does not provide additional technical details, exploitation information, or remediation timeline.
dCERT publishes vLLM denial-of-service vulnerability advisory
dCERT published Advisory 2026-1341 for vLLM describing a vulnerability that allows denial of service. The reference does not provide additional technical details, exploitation information, or remediation timeline.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
8 references tracked. Mallory keeps watching after this page renders.
dCERT - Advisory 2026-1341 - vllm: Vulnerability allows Denial of Service
dcert.de
Open sourcedCERT - Advisory 2026-1279 - vllm: Vulnerability allows Denial of Service
dcert.de
Open sourcedCERT - Advisory 2026-1267 - vllm (KV Block Handler): Vulnerability allows manipulation of files
dcert.de
Open sourcedCERT - Advisory 2026-1199 - VMware Tanzu Spring Security: Multiple Vulnerabilities
dcert.de
Open sourcedCERT - Advisory 2026-0966 - vllm: Multiple Vulnerabilities
dcert.de
Open sourcedCERT - Advisory 2026-0869 - vllm: Vulnerability allows code execution
dcert.de
Open sourcedCERT - Advisory 2026-0783 - VMware Tanzu Spring Security: Vulnerability allows bypassing security measures
dcert.de
Open sourcedCERT - Advisory 2026-0194 - vllm: Multiple Vulnerabilities
dcert.de
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Spring fixes TLS hostname verification flaws and DevTools timing attack issue
Spring published advisories for four vulnerabilities affecting its ecosystem, including three flaws in auto-configuration for **Elasticsearch**, **Cassandra**, and **RabbitMQ** that can disable TLS hostname verification when an SSL bundle is used. The issues are tracked as `CVE-2026-40970`, `CVE-2026-40974`, and `CVE-2026-40971`, respectively, and could weaken certificate validation for connections to those backend services. A fourth advisory, `CVE-2026-40972`, affects **Spring DevTools** and states that remote secret comparison is vulnerable to timing attacks. Together, the disclosures highlight risks in both transport security and authentication-related logic, with the TLS-related bugs potentially exposing applications to man-in-the-middle scenarios and the DevTools issue creating an avenue for attackers to infer secrets through response timing differences.
Apr 23, 2026
Critical RCE Flaws Disclosed in Ivanti CSA and VMware vCenter
Critical vulnerabilities were disclosed in **Ivanti Cloud Services Application (CSA)** and **VMware vCenter Server** products, exposing enterprise management platforms to remote compromise. Ivanti said CSA `5.0.2` and earlier contain three flaws—`CVE-2024-11639`, `CVE-2024-11772`, and `CVE-2024-11773`—that can enable authentication bypass, remote code execution, and arbitrary SQL query execution through the administrator browser console, with the most severe issues rated **CVSS 10.0**. Ivanti released fixes in CSA `5.0.3` and urged customers to update immediately. VMware also disclosed two vulnerabilities affecting **vCenter Server** and **VMware Cloud Foundation**: `CVE-2024-38812`, a heap overflow that can allow arbitrary code execution, and `CVE-2024-38813`, which can enable privilege escalation to root. The flaws affect vCenter Server `7.0` and `8.0` as well as VMware Cloud Foundation `4.x` and `5.x`, and can be exploited remotely over the network using specially crafted packets. In both vendor notices, no active exploitation had been confirmed at the time of disclosure, but organizations and service providers were advised to apply vendor-fixed versions without delay because successful attacks could result in full administrative compromise.
Apr 24, 2026
High-Severity Flaws in Langflow and vLLM Expose Secrets and Enable RCE
Two high-severity vulnerabilities were disclosed in widely used AI application components, affecting **Langflow** and **vLLM**. In Langflow, `CVE-2026-33497` impacts versions before **1.7.1** and stems from improper filtering of `folder_name` and `file_name` in the `/profile_pictures/{folder_name}/{file_name}` endpoint. The path traversal flaw (`CWE-22`) allows unauthenticated attackers to read files across directories, including the application's `secret_key`, creating a direct risk of secret exposure and follow-on compromise. The issue is addressed in **Langflow 1.7.1** and tracked in GitHub advisory `GHSA-ph9w-r52h-28p7`. A separate flaw in vLLM, `CVE-2026-27893`, can lead to **remote code execution** by bypassing a user's attempt to disable remote code trust. In versions from **0.10.1** up to but not including **0.18.0**, two model implementation files hardcoded `trust_remote_code=True`, overriding the safer `--trust-remote-code=False` setting and allowing malicious model repositories to run code during model use. The vulnerability, classified as `CWE-693`, was patched in **vLLM 0.18.0**, underscoring supply-chain and configuration-bypass risks in AI infrastructure components.
Mar 27, 2026