CVE-2026-6608

MEDIUM

lm-sys fastchat Arena Side-by-Side View add_text control flow

Title source: cna

Description

A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was fixed in commit 34eca62 for gradio_block_arena_named.py, but three other files were missed.

References (6)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/358243

[Signature, Permissions Required] https://vuldb.com/vuln/358243/cti

[Third Party Advisory] https://vuldb.com/submit/792228

[Issue Tracking] https://github.com/lm-sys/FastChat/issues/3834

[Exploit] https://gist.github.com/YLChen-007/e45039d23e698222d887ee09735d9d36

[Product] https://github.com/lm-sys/FastChat/

Scores

CVSS v3 5.3

EPSS 0.0003

EPSS Percentile 10.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-670

Status published

Products (38)

lm-sys/fastchat 0.2.0

lm-sys/fastchat 0.2.1

lm-sys/fastchat 0.2.10

lm-sys/fastchat 0.2.11

lm-sys/fastchat 0.2.12

lm-sys/fastchat 0.2.13

lm-sys/fastchat 0.2.14

lm-sys/fastchat 0.2.15

lm-sys/fastchat 0.2.16

lm-sys/fastchat 0.2.17

... and 28 more

Published Apr 20, 2026

Tracked Since Apr 20, 2026