CVE-2026-6608

Exploit

EPSS 0.03%
Veröffentlicht 20.04.2026 05:15:12
Zuletzt bearbeitet 20.04.2026 06:16:21
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was fixed in commit 34eca62 for gradio_block_arena_named.py, but three other files were missed.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellerlm-sys

≫

Produkt fastchat

Version 0.2.0

Status affected

Version 0.2.1

Status affected

Version 0.2.2

Status affected

Version 0.2.3

Status affected

Version 0.2.4

Status affected

Version 0.2.5

Status affected

Version 0.2.6

Status affected

Version 0.2.7

Status affected

Version 0.2.8

Status affected

Version 0.2.9

Status affected

Version 0.2.10

Status affected

Version 0.2.11

Status affected

Version 0.2.12

Status affected

Version 0.2.13

Status affected

Version 0.2.14

Status affected

Version 0.2.15

Status affected

Version 0.2.16

Status affected

Version 0.2.17

Status affected

Version 0.2.18

Status affected

Version 0.2.19

Status affected

Version 0.2.20

Status affected

Version 0.2.21

Status affected

Version 0.2.22

Status affected

Version 0.2.23

Status affected

Version 0.2.24

Status affected

Version 0.2.25

Status affected

Version 0.2.26

Status affected

Version 0.2.27

Status affected

Version 0.2.28

Status affected

Version 0.2.29

Status affected

Version 0.2.30

Status affected

Version 0.2.31

Status affected

Version 0.2.32

Status affected

Version 0.2.33

Status affected

Version 0.2.34

Status affected

Version 0.2.35

Status affected

Version 0.2.36

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.1

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
cna@vuldb.com	5.5	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-670 Always-Incorrect Control Flow Implementation

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

https://github.com/lm-sys/FastChat/

https://vuldb.com/vuln/358243

https://vuldb.com/vuln/358243/cti

https://vuldb.com/submit/792228

https://github.com/lm-sys/FastChat/issues/3834

https://gist.github.com/YLChen-007/e45039d23e698222d887ee09735d9d36

https://nvd.nist.gov/vuln/detail/CVE-2026-6608

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-6608

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-6608

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-6608