What happened
An unhandled assertion failure in vLLM's EngineCore is triggered by a specific combination of pure prompt-embeds input against M-RoPE multimodal models, causing a full process crash rather than a graceful request-level error.
Why it matters
A single malformed request from any authorized API caller fatally terminates the shared inference server, impacting all tenants and applications relying on that vLLM instance — a low-effort denial-of-service vector against multimodal LLM serving infrastructure.
Attack vector
Sending a pure prompt-embeds payload in a /v1/completions request against a model using M-RoPE causes EngineCore to fail an assertion and fatally crash, shutting down the entire vLLM server application. Any remote user authorized to call the completions endpoint can trigger it.
Affected systems
vLLM, versions 0.12.0 up to (not including) 0.24.0
Mitigation
Upgrade to vLLM >= 0.24.0.