← Voltar para CVEs
CVE-2026-6608
MEDIUM5.3
Descricao
A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was fixed in commit 34eca62 for gradio_block_arena_named.py, but three other files were missed.
Detalhes CVE
Pontuacao CVSS v3.15.3
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado4/20/2026
Ultima modificacao4/22/2026
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-670
Referencias
https://github.com/lm-sys/FastChat/(cna@vuldb.com)
https://github.com/lm-sys/FastChat/issues/3834(cna@vuldb.com)
https://vuldb.com/submit/792228(cna@vuldb.com)
https://vuldb.com/vuln/358243(cna@vuldb.com)
https://vuldb.com/vuln/358243/cti(cna@vuldb.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.