A vulnerability, which was classified as problematic , was found in vLLM up to 0.18.x . Affected is the function VideoMediaIO.load_base64 of the component OpenAI-compatible Chat Completions API . Such manipulation leads to resource consumption. This vulnerability is listed as CVE-2026-5497 . The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.