CVE-2026-6608 (GCVE-0-2026-6608)
Vulnerability from cvelistv5
Published
2026-04-20 05:15
Modified
2026-04-20 14:57
Severity ?
5.5 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RC:R
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RC:R
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RC:R
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RC:R
VLAI Severity ?
EPSS score ?
CWE
- CWE-670 - Incorrect Control Flow
Summary
A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was fixed in commit 34eca62 for gradio_block_arena_named.py, but three other files were missed.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| lm-sys | fastchat |
Version: 0.2.0 Version: 0.2.1 Version: 0.2.2 Version: 0.2.3 Version: 0.2.4 Version: 0.2.5 Version: 0.2.6 Version: 0.2.7 Version: 0.2.8 Version: 0.2.9 Version: 0.2.10 Version: 0.2.11 Version: 0.2.12 Version: 0.2.13 Version: 0.2.14 Version: 0.2.15 Version: 0.2.16 Version: 0.2.17 Version: 0.2.18 Version: 0.2.19 Version: 0.2.20 Version: 0.2.21 Version: 0.2.22 Version: 0.2.23 Version: 0.2.24 Version: 0.2.25 Version: 0.2.26 Version: 0.2.27 Version: 0.2.28 Version: 0.2.29 Version: 0.2.30 Version: 0.2.31 Version: 0.2.32 Version: 0.2.33 Version: 0.2.34 Version: 0.2.35 Version: 0.2.36 cpe:2.3:a:lm-sys:fastchat:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6608",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T14:57:43.886595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T14:57:55.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:lm-sys:fastchat:*:*:*:*:*:*:*:*"
],
"modules": [
"Arena Side-by-Side View Handler"
],
"product": "fastchat",
"vendor": "lm-sys",
"versions": [
{
"status": "affected",
"version": "0.2.0"
},
{
"status": "affected",
"version": "0.2.1"
},
{
"status": "affected",
"version": "0.2.2"
},
{
"status": "affected",
"version": "0.2.3"
},
{
"status": "affected",
"version": "0.2.4"
},
{
"status": "affected",
"version": "0.2.5"
},
{
"status": "affected",
"version": "0.2.6"
},
{
"status": "affected",
"version": "0.2.7"
},
{
"status": "affected",
"version": "0.2.8"
},
{
"status": "affected",
"version": "0.2.9"
},
{
"status": "affected",
"version": "0.2.10"
},
{
"status": "affected",
"version": "0.2.11"
},
{
"status": "affected",
"version": "0.2.12"
},
{
"status": "affected",
"version": "0.2.13"
},
{
"status": "affected",
"version": "0.2.14"
},
{
"status": "affected",
"version": "0.2.15"
},
{
"status": "affected",
"version": "0.2.16"
},
{
"status": "affected",
"version": "0.2.17"
},
{
"status": "affected",
"version": "0.2.18"
},
{
"status": "affected",
"version": "0.2.19"
},
{
"status": "affected",
"version": "0.2.20"
},
{
"status": "affected",
"version": "0.2.21"
},
{
"status": "affected",
"version": "0.2.22"
},
{
"status": "affected",
"version": "0.2.23"
},
{
"status": "affected",
"version": "0.2.24"
},
{
"status": "affected",
"version": "0.2.25"
},
{
"status": "affected",
"version": "0.2.26"
},
{
"status": "affected",
"version": "0.2.27"
},
{
"status": "affected",
"version": "0.2.28"
},
{
"status": "affected",
"version": "0.2.29"
},
{
"status": "affected",
"version": "0.2.30"
},
{
"status": "affected",
"version": "0.2.31"
},
{
"status": "affected",
"version": "0.2.32"
},
{
"status": "affected",
"version": "0.2.33"
},
{
"status": "affected",
"version": "0.2.34"
},
{
"status": "affected",
"version": "0.2.35"
},
{
"status": "affected",
"version": "0.2.36"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-f (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was fixed in commit 34eca62 for gradio_block_arena_named.py, but three other files were missed."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "Incorrect Control Flow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T05:15:12.337Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-358243 | lm-sys fastchat Arena Side-by-Side View add_text control flow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/358243"
},
{
"name": "VDB-358243 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/358243/cti"
},
{
"name": "Submit #792228 | LM-Sys FastChat \u003c= 0.2.36 Content Moderation Bypass (CWE-670)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/792228"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/lm-sys/FastChat/issues/3834"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/YLChen-007/e45039d23e698222d887ee09735d9d36"
},
{
"tags": [
"product"
],
"url": "https://github.com/lm-sys/FastChat/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-19T18:04:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "lm-sys fastchat Arena Side-by-Side View add_text control flow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-6608",
"datePublished": "2026-04-20T05:15:12.337Z",
"dateReserved": "2026-04-19T15:59:43.122Z",
"dateUpdated": "2026-04-20T14:57:55.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-6608\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-20T14:57:43.886595Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-20T14:57:50.383Z\"}}], \"cna\": {\"title\": \"lm-sys fastchat Arena Side-by-Side View add_text control flow\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Eric-f (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 6.9, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 5, \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:lm-sys:fastchat:*:*:*:*:*:*:*:*\"], \"vendor\": \"lm-sys\", \"modules\": [\"Arena Side-by-Side View Handler\"], \"product\": \"fastchat\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.2.0\"}, {\"status\": \"affected\", \"version\": \"0.2.1\"}, {\"status\": \"affected\", \"version\": \"0.2.2\"}, {\"status\": \"affected\", \"version\": \"0.2.3\"}, {\"status\": \"affected\", \"version\": \"0.2.4\"}, {\"status\": \"affected\", \"version\": \"0.2.5\"}, {\"status\": \"affected\", \"version\": \"0.2.6\"}, {\"status\": \"affected\", \"version\": \"0.2.7\"}, {\"status\": \"affected\", \"version\": \"0.2.8\"}, {\"status\": \"affected\", \"version\": \"0.2.9\"}, {\"status\": \"affected\", \"version\": \"0.2.10\"}, {\"status\": \"affected\", \"version\": \"0.2.11\"}, {\"status\": \"affected\", \"version\": \"0.2.12\"}, {\"status\": \"affected\", \"version\": \"0.2.13\"}, {\"status\": \"affected\", \"version\": \"0.2.14\"}, {\"status\": \"affected\", \"version\": \"0.2.15\"}, {\"status\": \"affected\", \"version\": \"0.2.16\"}, {\"status\": \"affected\", \"version\": \"0.2.17\"}, {\"status\": \"affected\", \"version\": \"0.2.18\"}, {\"status\": \"affected\", \"version\": \"0.2.19\"}, {\"status\": \"affected\", \"version\": \"0.2.20\"}, {\"status\": \"affected\", \"version\": \"0.2.21\"}, {\"status\": \"affected\", \"version\": \"0.2.22\"}, {\"status\": \"affected\", \"version\": \"0.2.23\"}, {\"status\": \"affected\", \"version\": \"0.2.24\"}, {\"status\": \"affected\", \"version\": \"0.2.25\"}, {\"status\": \"affected\", \"version\": \"0.2.26\"}, {\"status\": \"affected\", \"version\": \"0.2.27\"}, {\"status\": \"affected\", \"version\": \"0.2.28\"}, {\"status\": \"affected\", \"version\": \"0.2.29\"}, {\"status\": \"affected\", \"version\": \"0.2.30\"}, {\"status\": \"affected\", \"version\": \"0.2.31\"}, {\"status\": \"affected\", \"version\": \"0.2.32\"}, {\"status\": \"affected\", \"version\": \"0.2.33\"}, {\"status\": \"affected\", \"version\": \"0.2.34\"}, {\"status\": \"affected\", \"version\": \"0.2.35\"}, {\"status\": \"affected\", \"version\": \"0.2.36\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-04-19T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2026-04-19T02:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2026-04-19T18:04:52.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/vuln/358243\", \"name\": \"VDB-358243 | lm-sys fastchat Arena Side-by-Side View add_text control flow\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/vuln/358243/cti\", \"name\": \"VDB-358243 | CTI Indicators (IOB, IOC, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/submit/792228\", \"name\": \"Submit #792228 | LM-Sys FastChat \u003c= 0.2.36 Content Moderation Bypass (CWE-670)\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/lm-sys/FastChat/issues/3834\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://gist.github.com/YLChen-007/e45039d23e698222d887ee09735d9d36\", \"tags\": [\"exploit\"]}, {\"url\": \"https://github.com/lm-sys/FastChat/\", \"tags\": [\"product\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was fixed in commit 34eca62 for gradio_block_arena_named.py, but three other files were missed.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-670\", \"description\": \"Incorrect Control Flow\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2026-04-20T05:15:12.337Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-6608\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-20T14:57:55.071Z\", \"dateReserved\": \"2026-04-19T15:59:43.122Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2026-04-20T05:15:12.337Z\", \"assignerShortName\": \"VulDB\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…