# REPRO-2026-00078: vLLM RCE via auto_map dynamic module loading

## Summary

Status: published
Severity: high
Type: security
Confidence: high

## Identifiers

REPRO ID: REPRO-2026-00078
GHSA: GHSA-2pc9-4j83-qjmr
CVE: CVE-2026-22807

## Package

Name: vllm
Ecosystem: pip
Affected: >= 0.10.1, < 0.14.0
Fixed: Unknown

## Root Cause

`try_get_class_from_dynamic_module` delegates to the Transformers `get_class_from_dynamic_module` without calling `resolve_trust_remote_code`, and the registry passes no `trust_remote_code` value when iterating `auto_map` entries.

## Reproduction Details

Reproduced: 2026-01-22T08:41:28.332Z
Duration: 1190 seconds
Tool calls: 280
Turns: Unknown
Handoffs: Unknown

## Timeline (Key Moments)

1. [analysis_start] Ticket analysis (undefined): Analyzed vLLM auto_map RCE vulnerability from GHSA-2pc9-4j83-qjmr
2. [handoff] support→repro (undefined): Handoff from support to repro agent
3. [poc_created] Code execution demonstrated (undefined): Malicious module executed via auto_map loading
4. [confirmation] Fix verified (undefined): Fixed version v0.14.0 blocks execution via trust_remote_code gating

## Quick Verification

Run one of these commands to verify locally:

```
pruva-verify REPRO-2026-00078
pruva-verify GHSA-2pc9-4j83-qjmr
pruva-verify CVE-2026-22807
```

Or open in GitHub Codespaces (zero-friction, auto-runs):

https://github.com/codespaces/new?ref=repro/REPRO-2026-00078&repo=N3mes1s/pruva-sandbox

Or download and run the script manually:

```
curl -O https://api.pruva.dev/v1/reproductions/REPRO-2026-00078/artifacts/bundle/repro/reproduction_steps.sh
chmod +x reproduction_steps.sh
./reproduction_steps.sh
```

WARNING: Run in a sandboxed environment. This exploits a real vulnerability.
## References

- GitHub Advisory: https://github.com/advisories/GHSA-2pc9-4j83-qjmr
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22807
- Source: https://github.com/advisories/GHSA-2pc9-4j83-qjmr

## Artifacts

- bundle/repro/reproduction_steps.sh (reproduction_script, 4353 bytes)
- bundle/repro/rca_report.md (analysis, 2735 bytes)
- bundle/ticket.md (ticket, 2215 bytes)
- bundle/logs/attempt1.log (log, 85 bytes)
- bundle/logs/attempt2.log (log, 18 bytes)
- bundle/logs/attempt3_fixed.log (log, 31 bytes)
- bundle/logs/summary.log (log, 68 bytes)
- bundle/logs/tool_01_list_memory_items.log (log, 186 bytes)

## API Access

- JSON: https://api.pruva.dev/v1/reproductions/REPRO-2026-00078
- Script: https://api.pruva.dev/v1/reproductions/REPRO-2026-00078/artifacts/bundle/repro/reproduction_steps.sh
- Web: https://pruva.dev/r/REPRO-2026-00078

## For AI Assistants

To help users with this reproduction:

1. The `pruva-verify` command is the simplest way to run the reproduction
2. The script downloads and runs automatically in an isolated temp directory
3. Always recommend running in a VM, container, or disposable environment
4. The root cause explains the technical vulnerability

---

Generated by Pruva | https://pruva.dev