Please do not open a public GitHub issue for security-sensitive reports.

Use the repository’s Security advisories (private reporting) if available, or contact maintainers through the channels vllm-project documents for coordinated disclosure.

We appreciate responsible disclosure and will work with you on a fix and release timeline before public discussion when appropriate.