python · vllm · Heads-up
vLLM /v1/audio/transcriptions Endpoint Memory Amplification Vulnerability
What changed
The /v1/audio/transcriptions endpoint in vLLM has a memory amplification vulnerability: a 25MB OPUS file can expand to ~14.9GB of float32 PCM, causing OOM.
Who it affects
All vLLM deployments exposing the /v1/audio/transcriptions endpoint, especially those accepting untrusted audio uploads.
What to do today
Apply the fix from PR #44970 or restrict access to the endpoint until patched.
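To make the amplification concrete, the following added example (not vLLM's code and not the fix in PR #44970) estimates the float32 PCM size that an Ogg Opus upload declares, using only its page headers, so a gateway in front of the endpoint can reject it before any decoding happens. It assumes Ogg-encapsulated Opus decoded at the 48 kHz granule clock; `MAX_PCM_BYTES`, `admit`, `sample_stream` and the other names are hypothetical, and the sample stream is constructed.

```python
import struct

GRANULE_HZ = 48_000          # Ogg Opus granule positions count 48 kHz samples (RFC 7845)
BYTES_PER_SAMPLE = 4         # float32 PCM, the decoded format named in the advisory
MAX_PCM_BYTES = 512 * 2**20  # hypothetical per-request budget, not a vLLM setting

def pages(data):
    """Yield (granule_position, payload) for each Ogg page in the upload."""
    pos = 0
    while pos < len(data):
        if data[pos:pos + 4] != b"OggS" or pos + 27 > len(data):
            raise ValueError(f"bad or truncated Ogg page at offset {pos}")
        granule = struct.unpack_from("<q", data, pos + 6)[0]
        lacing = data[pos + 27:pos + 27 + data[pos + 26]]
        start = pos + 27 + data[pos + 26]
        end = start + sum(lacing)
        if len(lacing) != data[pos + 26] or end > len(data):
            raise ValueError(f"truncated Ogg page at offset {pos}")
        yield granule, data[start:end]
        pos = end

def estimated_pcm_bytes(data):
    """Decoded size implied by the stream's headers, without decoding any audio."""
    channels = pre_skip = None
    last_granule = 0
    for granule, payload in pages(data):
        if channels is None:  # first page must carry the OpusHead identification header
            if len(payload) < 19 or payload[:8] != b"OpusHead" or payload[9] == 0:
                raise ValueError("first page is not a valid OpusHead header")
            channels, pre_skip = payload[9], struct.unpack_from("<H", payload, 10)[0]
        last_granule = max(last_granule, granule)  # -1 means "no packet ends here"
    if channels is None:
        raise ValueError("no Ogg pages found")
    return max(last_granule - pre_skip, 0) * channels * BYTES_PER_SAMPLE

def admit(data, budget=MAX_PCM_BYTES):
    """True if the declared decoded size fits the budget; otherwise reject before decoding."""
    return estimated_pcm_bytes(data) <= budget

def build_page(granule, payload, seq):
    """Constructed sample page: one segment, CRC left at zero (not checked above)."""
    header = struct.pack("<4sBBqIIIB", b"OggS", 0, 0, granule, 1, seq, 0, 1)
    return header + bytes([len(payload)]) + payload

def sample_stream(seconds, channels=1, pre_skip=312):
    """Constructed Ogg Opus skeleton declaring `seconds` of audio (payload is filler)."""
    head = b"OpusHead" + struct.pack("<BBHIhB", 1, channels, pre_skip, GRANULE_HZ, 0, 0)
    audio = build_page(pre_skip + seconds * GRANULE_HZ, b"\x08" * 16, 2)
    return build_page(0, head, 0) + build_page(0, b"OpusTags" + bytes(8), 1) + audio
```

The granule position is a value the file declares, so this is an admission check only; the decode loop still needs its own cap on the number of samples it produces.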
Source
GitHub Advisory · vllm