CVE-2026-55574 - vLLM: ReDoS via structured_outputs.regex compiled without timeout in xgrammar and outlines backends
CVE ID :CVE-2026-55574 Published : July 6, 2026, 9:16 p.m. | 1 hour, 57 minutes ago Description :vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, the structured_outputs.regex API parameter passes a user-supplied regular expression string...