{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34760", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-30T19:17:10.225Z", "datePublished": "2026-04-02T18:59:49.638Z", "dateUpdated": "2026-04-03T14:42:34.842Z"}, "containers": {"cna": {"title": "vLLM: Downmix Implementation Differences as Attack Vectors Against Audio AI Models", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/vllm-project/vllm/security/advisories/GHSA-6c4r-fmh3-7rh8", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-6c4r-fmh3-7rh8"}, {"name": "https://github.com/vllm-project/vllm/pull/37058", "tags": ["x_refsource_MISC"], "url": "https://github.com/vllm-project/vllm/pull/37058"}, {"name": "https://github.com/vllm-project/vllm/commit/c7f98b4d0a63b32ed939e2b6dfaa8a626e9b46c4", "tags": ["x_refsource_MISC"], "url": "https://github.com/vllm-project/vllm/commit/c7f98b4d0a63b32ed939e2b6dfaa8a626e9b46c4"}, {"name": "https://github.com/vllm-project/vllm/releases/tag/v0.18.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/vllm-project/vllm/releases/tag/v0.18.0"}], "affected": [{"vendor": "vllm-project", "product": "vllm", "versions": [{"version": ">= 0.5.5, < 0.18.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T18:59:49.638Z"}, "descriptions": [{"lang": "en", "value": "vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing (to_mono), while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results in inconsistency between audio heard by humans (e.g., through headphones/regular speakers) and audio processed by AI models (Which infra via Librosa, such as vllm, transformer). This issue has been patched in version 0.18.0."}], "source": {"advisory": "GHSA-6c4r-fmh3-7rh8", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-03T14:42:25.211772Z", "id": "CVE-2026-34760", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T14:42:34.842Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34760", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-03T14:42:25.211772Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T14:42:31.132Z"}}], "cna": {"title": "vLLM: Downmix Implementation Differences as Attack Vectors Against Audio AI Models", "source": {"advisory": "GHSA-6c4r-fmh3-7rh8", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "vllm-project", "product": "vllm", "versions": [{"status": "affected", "version": ">= 0.5.5, < 0.18.0"}]}], "references": [{"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-6c4r-fmh3-7rh8", "name": "https://github.com/vllm-project/vllm/security/advisories/GHSA-6c4r-fmh3-7rh8", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/vllm-project/vllm/pull/37058", "name": "https://github.com/vllm-project/vllm/pull/37058", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/vllm-project/vllm/commit/c7f98b4d0a63b32ed939e2b6dfaa8a626e9b46c4", "name": "https://github.com/vllm-project/vllm/commit/c7f98b4d0a63b32ed939e2b6dfaa8a626e9b46c4", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/vllm-project/vllm/releases/tag/v0.18.0", "name": "https://github.com/vllm-project/vllm/releases/tag/v0.18.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing (to_mono), while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results in inconsistency between audio heard by humans (e.g., through headphones/regular speakers) and audio processed by AI models (Which infra via Librosa, such as vllm, transformer). This issue has been patched in version 0.18.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T18:59:49.638Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34760", "state": "PUBLISHED", "dateUpdated": "2026-04-03T14:42:34.842Z", "dateReserved": "2026-03-30T19:17:10.225Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-02T18:59:49.638Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing (to_mono), while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results in inconsistency between audio heard by humans (e.g., through headphones/regular speakers) and audio processed by AI models (Which infra via Librosa, such as vllm, transformer). This issue has been patched in version 0.18.0."}], "id": "CVE-2026-34760", "lastModified": "2026-04-03T16:10:23.730", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-02T20:16:25.437", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/vllm-project/vllm/commit/c7f98b4d0a63b32ed939e2b6dfaa8a626e9b46c4"}, {"source": "security-advisories@github.com", "url": "https://github.com/vllm-project/vllm/pull/37058"}, {"source": "security-advisories@github.com", "url": "https://github.com/vllm-project/vllm/releases/tag/v0.18.0"}, {"source": "security-advisories@github.com", "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-6c4r-fmh3-7rh8"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.5.5,0.18.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "vllm", "source": "cna", "vendor": "vllm-project"}, "product": "vllm", "vendor": "vllm-project"}], "analysis": {"en": {"generated_at": "2026-04-02T22:20:56.050058+00:00", "value": {"mitigation_remediation": ["Upgrade from v0.5.5 to v0.18.0 or later of the vLLM project, which incorporates the correct downmixing algorithm. ", "If an upgrade is impossible, apply the patch from the referenced GitHub commit c7f98b4d0a63b32ed939e2b6dfaa8a626e9b46c4 to replace the faulty downmixing logic. ", "Verify that Librosa is configured to use the weighted ITU\u2011R\u00a0BS.775\u20114 downmixing algorithm, or that the upstream library defaults to it. ", "Implement validation checks for audio inputs to detect unsupported downmixing and alert or reject anomalous files. ", "Monitor model output for sudden changes in accuracy or unexpected behavior that might indicate a downmixing issue."], "summary": {"action": "Apply Patch", "impact": "Inconsistent audio downmixing causes unreliable model predictions"}, "threat_synthesis": {"affected_systems": "All deployments of the vLLM project from version\u00a00.5.5 through the end of\u00a00.17.x are affected. This includes any system that relies on Librosa for audio preprocessing within vLLM prior to version\u00a00.18.0. Sysadmins using the vLLM inference engine for audio\u2011based language models should review the version they are running.", "description_and_impact": "The vulnerability arises from a default downmixing algorithm in Librosa that differs from the ITU\u2011R\u00a0BS.775\u20114 standard. While Librosa\u2019s numpy.mean approach works for human listeners, it produces different audio signals for AI inference engines such as vLLM. This discrepancy can lead developers to feed models audio that sounds correct to humans but is processed differently by the AI, potentially yielding inaccurate or misleading outputs. The weakness is a buffer or input validation flaw (CWE\u201120).", "risk_and_exploitability": "The CVSS score of 5.9 indicates a moderate severity. No EPSS score is provided, and the vulnerability is not listed in CISA\u2019s KEV catalog, suggesting it is not widely exploited yet. Attackers would need to supply crafted audio input to the model\u2019s ingestion pipeline; the impact is limited to model accuracy rather than system compromise. Consequently, the exploit is likely manual and requires access to the input channel rather than remote code execution. The risk is the potential for degraded service quality and misclassification by the AI models."}}}}, "created": "2026-04-03T07:31:35.035605+00:00", "updated": "2026-04-03T09:16:31.376160+00:00", "vendors": ["vllm-project", "vllm-project$PRODUCT$vllm"]}