What is the official website of Oracle University ?

The official website of Oracle University is https://www.oracle.com/education/.

What is Oracle University's cybersecurity risk score?

Oracle University has an AI-generated cybersecurity risk score of 763 out of 1000, indicating a Fair security posture according to Rankiteo's assessment.

How many security incidents has Oracle University experienced?

According to Rankiteo, Oracle University currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Oracle University been affected by any supply chain cyber incidents ?

According to Rankiteo, Oracle University has been affected by multiple supply chain cyber incidents. The affected supply chain sources and their corresponding incident IDs are: Oracle (Incident ID: ORA1781526596) Oracle (Incident ID: ORA1781180663) Oracle (Incident ID: ORAUNI1781123069) Oracle (Incident ID: ORA1780418023) Oracle (Incident ID: SALORAEAS1781684937) Oracle (Incident ID: TULORA1777415654) Snowflake (Incident ID: JONGENMCDGOL1775507547) Oracle (Incident ID: BROBECTHEORAABB1773750615) Oracle (Incident ID: NO-SHOPRELOB1773534483) Oracle (Incident ID: MSG1772483822) Oracle (Incident ID: MGMCAEORAWYN1771962331) Oracle (Incident ID: HYPORA1773686454) Oracle (Incident ID: CONDAVORASANASA1770645741) Oracle (Incident ID: DARHARPRICOLCLE1767881845) Oracle (Incident ID: MADMICKORORA1773232260) Oracle (Incident ID: ADIHEAHARMARTHEJAG1767017696) Microsoft Security (Incident ID: AMAORAMIC1770695748) Tencent Cloud (Incident ID: CLO1769705152) Oracle (Incident ID: ORAMSG1772238496) Snowflake (Incident ID: MEREQUUNIMAEMGMGOOTOYSNOALLORARIPTIC1775528897) Oracle (Incident ID: PRIORAUNI1766419165) Oracle (Incident ID: ORA1766435444) Oracle (Incident ID: NHS3432334111425) Oracle (Incident ID: BAR1765043770) BleepingComputer (Incident ID: F50032500101925) Oracle (Incident ID: ORAWIT1773930753) Oracle (Incident ID: ORAPAR1766015901) Oracle (Incident ID: TULORA1779078400) Oracle (Incident ID: MARORA1772484170) Oracle (Incident ID: COX53102453112425) Oracle (Incident ID: ORATHE1770237797) Salesloft (Incident ID: SAL0932309111025) Oracle (Incident ID: ANYSOT1770810849) Oracle (Incident ID: ORAHYP1773650183) Salesloft (Incident ID: ORA1692116100725) moveIT Software (Incident ID: ORA4202442101025) Oracle (Incident ID: JAG2592025111525) Oracle (Incident ID: BRO3105131112625) Oracle (Incident ID: ORA5662156100625) Fortinet (Incident ID: SAMFOXORAFORDHL1781785487) Oracle Health (Incident ID: ORA455040125) Oracle Health (Incident ID: ORA526032825) Salesforce (Incident ID: THEINGSALJAGORASYNDAV1769095448)

Does Oracle University have SOC 2 Type 1 certification ?

According to Rankiteo, Oracle University is not certified under SOC 2 Type 1.

Does Oracle University have SOC 2 Type 2 certification ?

According to Rankiteo, Oracle University does not hold a SOC 2 Type 2 certification.

Does Oracle University comply with GDPR ?

According to Rankiteo, Oracle University is not listed as GDPR compliant.

Does Oracle University have PCI DSS certification ?

According to Rankiteo, Oracle University does not currently maintain PCI DSS compliance.

Does Oracle University comply with HIPAA ?

According to Rankiteo, Oracle University is not compliant with HIPAA regulations.

Does Oracle University have ISO 27001 certification ?

According to Rankiteo,Oracle University is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does Oracle University operate in ?

Oracle University operates primarily in the IT Services and IT Consulting industry.

How many employees does Oracle University have ?

Oracle University employs approximately None employees people worldwide.

Does Oracle University own any subsidiaries ?

Oracle University presently has no subsidiaries across any sectors.

How many LinkedIn followers does Oracle University have ?

Oracle University's official LinkedIn profile has approximately 83,918 followers.

What is the NAICS classification code for Oracle University ?

Oracle University is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.

Does Oracle University have a Crunchbase profile ?

No, Oracle University does not have a profile on Crunchbase.

Does Oracle University have a LinkedIn profile ?

Yes, Oracle University maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/oracle-university.

How many cybersecurity incidents has Oracle University experienced ?

As of June 23, 2026, Rankiteo reports that Oracle University has experienced 67 cybersecurity incidents.

How many peer or competitor companies does Oracle University have ?

Oracle University has an estimated 40,800 peer or competitor companies worldwide.

What types of cybersecurity incidents has Oracle University faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability, Ransomware, Breach and Cyber Attack.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

Oracle University

Boost Score +25 with badge (5 left)

763

/1000

Fair

788

/1000

Fair

Oracle University Vendor Cyber Rating & Cyber Score

oracle.com

Add Your Compliance Badge

Upskill and enhance your Oracle proficiency, get Oracle certified to increase your employability and accelerate Oracle SaaS adoption with Oracle University learning content and adoption platforms. Follow us to: ✅ Be the first to hear about discounts in learning paths and certification ✅ Join the discussion on the latest trends in digital adoption and training ✅ Learn about new digital learning opportunities for Oracle solutions ✅ Get access to free Oracle learning resources

Oracle University A.I CyberSecurity Scoring

Scoring History

Oracle University

Oracle University CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

Oracle Health

Breach

6/2026

ORA1782239736

Oracle Security

Vulnerability

6/2026

ORAMOZ178165696...

Oracle

Vulnerability

100

6/2026

Oracle

ORA1781526596

Oracle

Vulnerability

100

6/2026

Oracle

ORA1781180663

Oracle

Cyber Attack

100

6/2026

Oracle

ORAUNI178112306...

Oracle

Vulnerability

100

6/2026

Oracle

ORA1780418023

Oracle

Vulnerability

5/2026

Oracle

SALORAEAS178168...

Oracle

Breach

5/2026

METORATICBANYAH...

Oracle

Vulnerability

100

4/2026

Oracle

TULORA177741565...

Oracle

Breach

100

4/2026

ORABUS177558268...

Oracle

Breach

4/2026

Snowflake

JONGENMCDGOL177...

Oracle

Vulnerability

3/2026

ORA1774088623

Oracle

Cyber Attack

3/2026

Oracle

BROBECTHEORAABB...

Oracle

Breach

100

3/2026

Oracle

NO-SHOPRELOB177...

Oracle

Breach

3/2026

RAYORAFED177252...

Oracle

Breach

3/2026

Oracle

MSG1772483822

Oracle

Cyber Attack

2/2026

Oracle

MGMCAEORAWYN177...

Oracle

Ransomware

100

2/2026

Oracle

HYPORA177368645...

Oracle

Breach

2/2026

ORA1770195349

Oracle

Vulnerability

100

1/2026

ORA1768994894

Oracle

Ransomware

100

1/2026

Oracle

CONDAVORASANASA...

Oracle

Breach

1/2026

Oracle

DARHARPRICOLCLE...

Oracle

Breach

1/2026

Oracle

MADMICKORORA177...

Oracle

Cyber Attack

12/2025

Oracle

ADIHEAHARMARTHE...

Oracle Cloud

Cyber Attack

100

12/2025

Microsoft Secur...

AMAORAMIC177069...

Oracle Cloud

Cyber Attack

100

12/2025

Tencent Cloud

CLO1769705152

Oracle

Vulnerability

12/2025

Oracle

ORAMSG177223849...

Oracle

Ransomware

100

12/2025

Snowflake

MEREQUUNIMAEMGM...

Oracle

Cyber Attack

11/2025

Oracle

PRIORAUNI176641...

Oracle University

Vulnerability

11/2025

Oracle

ORA1766435444

Oracle

Cyber Attack

100

11/2025

Oracle

NHS343233411142...

Oracle

Ransomware

100

11/2025

Oracle

BAR1765043770

Oracle Security

Breach

100

10/2025

BleepingCompute...

F50032500101925

Oracle

Cyber Attack

10/2025

Oracle

ORAWIT177393075...

Oracle

Vulnerability

10/2025

Oracle

ORAPAR176601590...

Oracle University

Cyber Attack

9/2025

ORA805090225

Oracle

Breach

8/2025

Oracle

TULORA177907840...

Oracle

Vulnerability

8/2025

Oracle

MARORA177248417...

Oracle

Breach

100

8/2025

Oracle

COX531024531124...

Oracle

Vulnerability

8/2025

Oracle

ORATHE177023779...

Oracle

Breach

8/2025

Salesloft

SAL093230911102...

Oracle

Ransomware

100

8/2025

Oracle

ANYSOT177081084...

Oracle

Vulnerability

8/2025

Oracle

ORAHYP177365018...

Oracle Communicatio...

Ransomware

100

8/2025

Salesloft

ORA169211610072...

Oracle

Ransomware

100

7/2025

moveIT Software

ORA420244210102...

Oracle

Cyber Attack

100

7/2025

Oracle

JAG259202511152...

Oracle

Ransomware

100

6/2025

Oracle

BRO310513111262...

Oracle University

Vulnerability

6/2025

ORA083260810142...

Oracle

Ransomware

100

5/2025

Oracle

ORA566215610062...

Oracle Security

Breach

100

5/2025

Fortinet

SAMFOXORAFORDHL...

Oracle University

Breach

100

4/2025

ORA656040225

Oracle Health

Breach

4/2025

Oracle Health

ORA455040125

Oracle University

Breach

100

3/2025

ORA344032125

Oracle Health

Breach

1/2025

Oracle Health

ORA526032825

Oracle

Cyber Attack

100

1/2025

UNIORA178210972...

Oracle Cloud SCM

Ransomware

100

1/2025

Salesforce

THEINGSALJAGORA...

Oracle University

Vulnerability

8/2024

ORA499324910062...

Oracle

Vulnerability

7/2024

ORA1780446221

Oracle University

Ransomware

6/2024

ORA406214010022...

Oracle University

Ransomware

100

1/2024

ORA109221010022...

Oracle University

Ransomware

100

6/2023

ORA523325211212...

Oracle

Ransomware

100

1/2023

ORAMIC177555100...

Oracle University

Breach

100

6/2021

ORA615032225

Oracle University

Breach

100

6/2020

ORA956040325

Oracle University

Ransomware

100

6/2019

ORA433274311212...

Oracle University

Breach

100

08/2016

ORA392622

Oracle University

Breach

7/2013

ORA720082025

Loading…

A.I.

Oracle University Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for Oracle University

Incidents vs IT Services and IT Consulting Industry Avg (This Year)

No incidents recorded for Oracle University in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Oracle University in 2026.

Incident Types Oracle University vs IT Services and IT Consulting Industry Avg (This Year)

No incidents recorded for Oracle University in 2026.

Incident History - Oracle University (X = Date, Y = Severity)

Loading…

SUBSIDIARY

Oracle University Subsidiaries

Oracle University

IT Services and IT Consulting

Website: https://www.oracle.com/education/

Company Size: 10,001+ employees

OracleIT Services and IT Consulting

NetSuiteSoftware Development

Inside the SuiteSoftware Development

NetSuite Partner CommunitySoftware Development

NetSuite Sales Development Representative ProgramSoftware Development

Oracle HospitalityIT Services and IT Consulting

Oracle LinuxIT Services and IT Consulting

Oracle Cloud SCMInformation Technology & Services

Loading…

Oracle University Similar Companies

Reply

reply.com

Reply [EXM, STAR: REY] specialises in the design and implementation of solutions based on new communication channels and digital media. As a network of highly specialised companies, Reply defines and develops business models enabled by the new models of AI, big data, cloud computing, digital media and the internet of things. Reply delivers consulting, system integration and digital services to organisations across the telecom and media; industry and services; banking and insurance; and public sectors.

Eviden

eviden.com

Eviden is the Atos Group brand for hardware and software products with c. € 1 billion in revenue, operating in 36 countries and comprising four business units: advanced computing, cybersecurity products, mission-critical systems and vision AI. As a next-generation technology leader, Eviden offers a unique combination of hardware and software technologies for businesses, public sector and defense organizations and research institutions, helping them to create value out of their data. Bringing together more than 4,500 world-class talents and holding more than 2,100 patents, Eviden provides a strong portfolio of innovative and eco-efficient solutions in AI, computing, security, data and applications.

CACI International Inc

cb caci.com

At CACI International Inc (NYSE: CACI), our 25,000 talented and dynamic employees are ever vigilant in delivering distinctive expertise and technology to meet our customers’ greatest challenges in national security. We are a company of good character, relentless innovation, and long-standing excellence. Our culture drives our success and earns us recognition as a Fortune World's Most Admired Company. CACI is a member of the Fortune 500™ Largest Companies, the Russell 1000 Index, and the S&P MidCap 400 Index. For more information, visit us at www.caci.com. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities

Persistent Systems

persistent.com

We are an AI-led, platform-driven Digital Engineering and Enterprise Modernization partner, combining deep technical expertise and industry experience to help our clients anticipate what’s next. Our offerings and proven solutions create a unique competitive advantage for our clients by giving them the power to see beyond and rise above. We work with many industry-leading organizations across the world, including 20 Fortune 50 companies and 4 of the 5 top banks in both the US and India, and numerous innovators across the healthcare ecosystem. Our disruptor’s mindset, commitment to client success, and agility to thrive in the dynamic environment have enabled us to sustain our growth momentum. Persistent has been recognized across top industry platforms for innovation, leadership, and inclusion. We have delivered 22 sequential quarters of growth with $406.2M in Q2 FY26 revenue, up 4.2% Q-o-Q and 17.6% Y-o-Y growth. Our 26,000+ global team members, located in 18 countries, have been instrumental in helping the market leaders transform their industries. We received ‘Growth Honor of the Year’ at Everest Group Elevate 2025 and were cited as a Leader in the Everest Group Talent Readiness for Next-generation Cloud Services PEAK Matrix® Assessment 2025. Our company fosters a values-driven and people-centric work environment that enables our employees to: - Accelerate growth, both professionally and personally - Impact the world in powerful, positive ways, using the latest technologies - Enjoy collaborative innovation, with diversity and work-life wellbeing at the core - Unlock global opportunities to work and learn with the industry’s best Let’s unleash your full potential at Persistent - persistent.com/careers

Sogeti

sogeti.com

Part of the Capgemini Group, Sogeti makes business value through technology for organizations that need to implement innovation at speed and want a local partner with global scale. With a hands-on culture and close proximity to its clients, Sogeti implements solutions that will help organizations work faster, better, and smarter. By combining its agility and speed of implementation through a DevOps approach, Sogeti delivers innovative solutions in quality engineering, cloud and application development, all driven by AI, data and automation. For more information please visit www.sogeti.com.

HGS

hgs.cx

A global leader in optimizing the customer experience lifecycle, digital transformation, and business process management, HGS is helping its clients become more competitive every day. HGS combines automation, analytics, and artificial intelligence with deep domain expertise focusing on digital customer experiences, back-office processing, contact centers, and HRO solutions. Part of the multi-billion-dollar conglomerate Hinduja Group, HGS takes a “globally local” approach with over 18,000+ employees across 38 delivery centers in 9 countries.

Allianz Technology

allianz.com

With its headquarters in Munich, Germany, Allianz Technology is Allianz's global IT service provider and delivers IT solutions that drive the group's digitalization. With more than 11,000 employees in more than 20 countries around the world, Allianz Technology is tasked to run, optimize, transform, and innovate the infrastructure, applications, and services together with Allianz companies to co-create the best customer experience. We service the entire spectrum of digitalization - from one of the industry's largest IT infrastructure projects that spans data centres, networks, and security, to application platforms ranging from workplace services to digital interaction. In short: We deliver comprehensive end-to-end IT solutions for Allianz in the digital age. We are the backbone of Allianz.

Sutherland

sutherlandglobal.com

Artificial Intelligence. Automation. Cloud Engineering. Advanced Analytics. For Enterprises, these are key factors of success. For us, they’re our core expertise. We work with global iconic brands. We bring them a unique value proposition through market-leading technologies and business process excellence. At the heart of it all is Digital Engineering services – the foundation that powers rapid innovation and scalable business transformation. We’ve created 363 unique and independent inventions, 250 of which are AI-based and rolled up under several patent grants in critical technologies. Leveraging our advanced products and platforms, we drive digital transformation at scale, optimize critical business operations, reinvent experiences, and pioneer new solutions, all provided through a seamless “as-a-service” model. For each company, we provide new keys for their businesses, the people they work with, and the customers they serve. With proven strategies and agile execution, we don’t just enable change — we engineer digital outcomes.

Globant

cb globant.link

At Globant, we create the digitally-native products that people love. We bridge the gap between businesses and consumers through technology and creativity, leveraging our experience as an AI powerhouse. We dare to digitally transform organizations and strive to delight their customers. - We have more than 30,000 employees and are present in 33 countries across 5 continents, working for companies like Google, Electronic Arts, and Santander, among others. - We were named a Worldwide Leader in AI Services (2023) and a Worldwide Leader in CX Improvement Services (2020) by IDC MarketScape report. - We are the fastest-growing IT brand and the 5th strongest IT brand globally (2024), according to Brand Finance. - We were featured as a business case study at Harvard, MIT, and Stanford. - We are active members of The Green Software Foundation (GSF) and the Cybersecurity Tech Accord. For more information, visit https://bit.ly/globant_com Follow us: http://www.twitter.com/globant http://www.youtube.com/Globant http://www.facebook.com/Globant https://instagram.com/Globant https://www.tiktok.com/@globant

Loading…

NEWS

Oracle University CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

February 12, 2026 08:00 AM

Empowering the Future: Oracle’s SDI Accelerates Tech Adoption and National Competitiveness in Latin America

Oracle's Skills Development Initiative (SDI) is bridging the digital skills gap in Latin America, empowering 13000+ learners with in-demand...

Read Article

February 12, 2026 07:44 AM

Rwanda, Oracle launch national digital skills initiative

Program offers certifications in AI, cloud, cybersecurity Aims to address skills gap and high unemployment Rwanda and U.S. technology company Oracle...

Read Article

February 06, 2026 11:12 AM

Oracle to train 15,000 tech professionals in West Bengal by 2029

Oracle has announced a partnership with the West Bengal Electronics Industry Development Corporation Limited (WEBEL) to train 15,000 students and...

Read Article

February 05, 2026 08:00 AM

Oracle to train 15,000 students and professionals in West Bengal

Collaboration with WEBEL focuses on cloud, AI, cybersecurity and data science skills.

Read Article

February 05, 2026 07:10 AM

Oracle partners with West Bengal government to train 15,000 in AI and Cloud

Oracle and WEBEL are training 15,000 West Bengal professionals in AI, Cloud, and Cybersecurity by 2029. The free program offers 200+ hours...

Read Article

February 04, 2026 08:00 AM

Oracle Trains 15,000 Students and Professionals in the Latest Technologies to Fuel West Bengal’s Digital Future

Oracle today announced its collaboration with West Bengal Electronics Industry Development Corporation Limited (WEBEL), a Government of West...

Read Article

February 04, 2026 08:00 AM

ShinyHunters Claims Breach of Harvard and UPenn Data

Record Exposure: The ShinyHunters hacking group claims to have compromised more than 2.2 million records from Harvard University and the...

Read Article

February 02, 2026 08:00 AM

Penn GSE email hack impacted fewer than 10 individuals, according to new filing

A class action lawsuit against Penn over an October 2025 data breach at the Graduate School of Education will not proceed after a new court...

Read Article

January 29, 2026 08:00 AM

USF’s Bellini College of AI marks rapid growth in its first semester

The Bellini College of Artificial Intelligence, Cybersecurity and Computing is working to expand its programs, research opportunities and...

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-54236

SUMMARY

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a sanitize_message helper that strips object-repr memory addresses from error messages before they reach the client, is incomplete: several response paths echo str(exc) directly to clients without calling sanitize_message. The unsanitized sites include the Anthropic API router in vllm/entrypoints/anthropic/api_router.py (the POST /v1/messages and POST /v1/messages/count_tokens handlers), the Server-Sent Events streaming converter in vllm/entrypoints/anthropic/serving.py, and the realtime speech-to-text WebSocket in vllm/entrypoints/speech_to_text/realtime/connection.py. These paths catch the exception inside the route coroutine and construct the JSONResponse themselves, bypassing the sanitizing global FastAPI exception handler, and WebSocket frames do not traverse that handler chain at all. Using the same primitive as the parent issue, an unauthenticated attacker can send malformed image bytes through the Anthropic Messages API image content parts so that PIL.Image.open raises an UnidentifiedImageError whose message contains the BytesIO object repr, leaking the heap memory address verbatim in the error.message field of the response body. This vulnerability is fixed in 0.23.1rc0.

Published

Date2026-06-22

Updated

Date2026-06-22

RISK INFORMATION (Score: 5.3)

cvss3

Base Score: 5.3

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Impact Score

1.4

Exploitability

3.9

REFERENCES

CVE-2026-54235

SUMMARY

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, ll temperature validation gates use comparison operators (<, >), which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and propagate to GPU sampling kernels, where they produce undefined behavior or CUDA errors that can crash the inference worker. This vulnerability is fixed in 0.23.1rc0.

Published

Date2026-06-22

Updated

Date2026-06-22

RISK INFORMATION (Score: )

cvss4

Base Score: 6.9

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-54233

SUMMARY

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output. A 25MB OPUS file expands to ~14.9GB of float32 PCM at decode time. This vulnerability is fixed in 0.23.1rc0.

Published

Date2026-06-22

Updated

Date2026-06-22

RISK INFORMATION (Score: 6.5)

cvss3

Base Score: 6.5

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score

3.6

Exploitability

2.8

REFERENCES

CVE-2026-54232

SUMMARY

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package. The package is installed from a custom index (flashinfer.ai/whl/) using --extra-index-url, but the package name was not registered on PyPI, and UV_INDEX_STRATEGY="unsafe-best-match" is set globally. An attacker who registers flashinfer-jit-cache on PyPI with version 0.6.11.post2 can execute arbitrary code as root during the Docker build and backdoor every resulting container image, enabling exfiltration of all user prompts, API credentials, and model data from production vLLM deployments This vulnerability is fixed in 0.22.1.

Published

Date2026-06-22

Updated

Date2026-06-22

RISK INFORMATION (Score: 8.8)

cvss3

Base Score: 8.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score

5.9

Exploitability

2.8

REFERENCES

https://github.com/vllm-project/vllm/security/advisories/GHSA-jrf6-vqxq-pjv2

CVE-2026-53923

SUMMARY

vLLM is an inference and serving engine for large language models (LLMs). From 0.5.5 until 0.23.1rc0, integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels (csrc/quantization/gguf/gguf_kernel.cu) causes partial tensor processing. The output tensor is allocated at full size via torch::empty (uninitialized memory), but the dequantize CUDA kernel processes only a truncated number of elements. The unfilled portion of the output tensor retains whatever was previously in GPU memory. In multi-tenant inference deployments, this residual GPU memory may contain tensor data from other users' inference requests, constituting information disclosure. This vulnerability is fixed in 0.23.1rc0.

Published

Date2026-06-22

Updated

Date2026-06-22

RISK INFORMATION (Score: )

cvss4

Base Score: 5.3

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…