REPRO-2026-00078 HIGH RCE Verified

vLLM RCE via auto_map dynamic module loading

vllm (pip) Jan 22, 2026

Confidence HIGH

Reproduced in 19m 50s

Tool calls 280

Affected >= 0.10.1, < 0.14.0

What's the vulnerability?

vLLM loads Hugging Face auto_map dynamic modules during model resolution without honoring trust_remote_code, allowing attacker-controlled code to execute at server startup.

Root Cause Analysis

try_get_class_from_dynamic_module delegates to Transformers get_class_from_dynamic_module without calling resolve_trust_remote_code, and the registry passes no trust_remote_code value when iterating auto_map entries.

One Command

Verify with pruva-verify

Run the Pruva CLI to automatically fetch and execute the reproduction script.

pruva-verify REPRO-2026-00078

or pruva-verify GHSA-2pc9-4j83-qjmr

or pruva-verify CVE-2026-22807

Install: curl -fsSL https://pruva.dev/install.sh | sh

Or Run Manually

Download the script

curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00078/artifacts/reproduction_steps.sh

Make executable

chmod +x reproduction_steps.sh

Run the script

./reproduction_steps.sh

Run in a VM, container, or disposable environment. This exploits a real vulnerability.

How Pruva Reproduced This

Watch the AI agent's step-by-step process.

Loading session...

Artifacts

No artifacts available