Security Vulnerability Report
CVE-2026-34760 CVSS 5.9 MEDIUM


Published: 2026-04-02 20:16:25
Last Modified: 2026-05-11 13:24:41

Description

vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing (to_mono), while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results in an inconsistency between the audio heard by humans (e.g., through headphones or regular speakers) and the audio processed by AI models whose pipelines rely on Librosa, such as vLLM and Transformers. This issue has been patched in version 0.18.0.

CVSS Details

CVSS Score
5.9
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L

Configurations (Affected Products)

cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:* - VULNERABLE
vLLM >= 0.5.5, < 0.18.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import numpy as np

# Simulated stereo audio data (2 channels), shape (samples, channels)
# Channel 0: intended signal
# Channel 1: noise or secondary signal
stereo_audio = np.array([
    [1.0, 0.0],
    [1.0, 0.0],
    [-1.0, 0.0],
    [-1.0, 0.0],
])

# 1. Vulnerable downmix (Librosa < 0.18.0 default via numpy.mean)
# This is what the vLLM model processes: a plain average over the channel axis
# (axis=1 here because the channels are the second dimension of this array)
vulnerable_result = np.mean(stereo_audio, axis=1)
print(f"Vulnerable (AI Model Input): {vulnerable_result}")

# 2. Standard downmix (ITU-R BS.775-4 compliant)
# Simplified representation of the standard weighted downmix
# (e.g. a -3 dB pan law: 10 ** (-3 / 20) ≈ 0.7079)
standard_result = 0.7079 * (stereo_audio[:, 0] + stereo_audio[:, 1])
print(f"Standard (Human Perception): {standard_result}")

# If the per-sample results differ significantly, the model and a human
# listener are receiving different audio
if not np.allclose(vulnerable_result, standard_result, atol=0.1):
    print("[+] Discrepancy detected: Model hears something different than humans.")
```
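The two downmix paths that the description contrasts, written as an added example for auditing a preprocessing pipeline. This is not code from the advisory, from vLLM or from Librosa: it assumes the librosa array layout (channels, samples), a -3 dB gain for the weighted path (the same 0.7079 constant the PoC above uses, taken here as an assumption rather than a quotation of the standard), and a constructed tolerance of 0.1 in `audit_downmix`. Unlike the PoC it also handles already-mono input and fails closed on channel counts it was not written for, so a surprise layout cannot silently fall back to the plain mean.

```python
import numpy as np

# Assumed -3 dB pan-law gain for the weighted (ITU-R BS.775-style) path.
# This constant is an assumption made for the example; the PoC uses 0.7079.
WEIGHTED_GAIN = 10 ** (-3 / 20)


def to_mono_mean(y) -> np.ndarray:
    """Plain-average downmix, i.e. the numpy.mean behaviour the advisory describes.

    `y` follows the librosa layout: shape (channels, samples), or (samples,)
    for audio that is already mono, which is returned unchanged.
    """
    y = np.asarray(y, dtype=float)
    if y.ndim == 1:
        return y
    return np.mean(y, axis=0)


def to_mono_weighted(y) -> np.ndarray:
    """Weighted stereo-to-mono downmix: M = g * (L + R) with g = -3 dB.

    Channel counts other than 1 or 2 raise instead of being averaged, so an
    unexpected layout fails closed rather than silently taking the mean path.
    The weighted sum of two in-phase full-scale channels reaches about 1.41,
    so callers that need a normalised signal should rescale afterwards.
    """
    y = np.asarray(y, dtype=float)
    if y.ndim == 1:
        return y
    if y.shape[0] != 2:
        raise ValueError(f"expected 1 or 2 channels, got {y.shape[0]}")
    return WEIGHTED_GAIN * (y[0] + y[1])


def downmix_discrepancy(y) -> float:
    """Largest per-sample gap (linear amplitude) between the two downmix paths."""
    return float(np.max(np.abs(to_mono_mean(y) - to_mono_weighted(y))))


def audit_downmix(y, threshold: float = 0.1) -> dict:
    """Report whether a clip would be heard differently by the model and a listener.

    `threshold` is a constructed tolerance chosen to match the PoC's atol of 0.1.
    """
    gap = downmix_discrepancy(y)
    return {"max_gap": gap, "threshold": threshold, "flagged": gap > threshold}


if __name__ == "__main__":
    # Constructed clips; the values are illustrative, not recorded audio.
    clips = {
        "mono passthrough": [0.25, -0.25, 0.5],
        "in-phase stereo": [[0.5, 0.5, -0.5], [0.5, 0.5, -0.5]],
        "out-of-phase stereo": [[1.0, -1.0], [-1.0, 1.0]],
        "signal on one channel": [[1.0, 1.0, -1.0, -1.0], [0.0, 0.0, 0.0, 0.0]],
    }
    for name, clip in clips.items():
        report = audit_downmix(clip)
        print(f"{name:24s} max_gap={report['max_gap']:.4f} flagged={report['flagged']}")
```

The out-of-phase case is worth noting: both paths agree there because the channels cancel before either gain is applied, so the gap measured by `audit_downmix` depends on the signal, not only on the gain constant. A pipeline check therefore has to run over representative input rather than a single fixed clip.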

References

https://github.com/vllm-project/vllm/commit/c7f98b4d0a63b32ed939e2b6dfaa8a626e9b46c4 (Patch)
https://github.com/vllm-project/vllm/pull/37058 (Issue Tracking)
https://github.com/vllm-project/vllm/releases/tag/v0.18.0 (Release Notes)
https://github.com/vllm-project/vllm/security/advisories/GHSA-6c4r-fmh3-7rh8 (Vendor Advisory)

Raw JSON Data

```json
{"cve": {"id": "CVE-2026-34760", "sourceIdentifier": "[email protected]", "published": "2026-04-02T20:16:25.437", "lastModified": "2026-05-11T13:24:40.507", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing (to_mono), while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results in inconsistency between audio heard by humans (e.g., through headphones/regular speakers) and audio processed by AI models (Which infra via Librosa, such as vllm, transformer). This issue has been patched in version 0.18.0."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L", "baseScore": 5.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.6, "impactScore": 4.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-20"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.5.5", "versionEndExcluding": "0.18.0", "matchCriteriaId": "B8A23C5E-0560-4C39-AF88-AA055348DC8B"}]}]}], "references": [{"url": "https://github.com/vllm-project/vllm/commit/c7f98b4d0a63b32ed939e2b6dfaa8a626e9b46c4", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/vllm-project/vllm/pull/37058", "source": "[email protected]", "tags": ["Issue Tracking"]}, {"url": "https://github.com/vllm-project/vllm/releases/tag/v0.18.0", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-6c4r-fmh3-7rh8", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
```