Security Advisory - Published 2026-06-23 - AI / Model Serving
vLLM CVE-2026-54232: check Docker builds and image provenance
vLLM before 0.22.1 has a Docker build dependency-confusion risk. The practical review is whether affected images were built, pushed, or deployed, and whether production prompts, API keys, model data, or registry credentials were exposed.
Affected version
| CVE | Product | Affected | CVSS |
|---|---|---|---|
| CVE-2026-54232 | vLLM | before 0.22.1 | 8.8 |
Owner self-check
docker image ls | grep -i 'vllm'
docker ps | grep -i 'vllm'
grep -Rni 'vllm\\|flashinfer-jit-cache\\|extra-index-url\\|UV_INDEX_STRATEGY\\|unsafe-best-match' Dockerfile docker-compose.yml .github workflows 2>/dev/null
grep -Rni 'flashinfer-jit-cache\\|pypi\\|extra-index-url\\|vllm' build.log logs var/log 2>/dev/null | tail -160What to review
- vLLM version in every Dockerfile, image tag, Helm value, Compose file, and deployment manifest.
- Build logs showing package indexes, package names, resolved versions, and the registry account that pushed the image.
- Images built before the fixed release that reached staging, production, notebooks, batch jobs, or customer demos.
- Secrets present during build or runtime: API keys, model registry credentials, cloud tokens, and prompt logs.
Safe fix path
- Upgrade vLLM to 0.22.1 or newer and rebuild images from a clean base.
- Pin trusted package indexes and remove broad fallback behavior from Docker build steps.
- Remove affected images from registries after preserving tags, digests, and build logs for evidence.
- Rotate secrets that were available to affected builds or containers.
- Redeploy from the rebuilt image and verify the running image digest instead of trusting the tag name alone.
Repair help
Use Ping7 CVE Repair when affected vLLM images reached production, prompts or model data are sensitive, or registry and cloud credentials need a coordinated rotation plan.