CVE-2026-48746
vLLM Authentication Bypass via ASGI Server Vulnerability.
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A vulnerability in vLLM, an engine for large language models, allows an authentication bypass of its OpenAI API. This means the API could be accessed without the required API key, potentially enabling unauthorized use. It is important to determine if vLLM is in use to assess exposure to this issue.