CVE-2026-6608

MEDIUM

lm-sys fastchat Arena Side-by-Side View add_text control flow

Title source: cna

Description

A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was fixed in commit 34eca62 for gradio_block_arena_named.py, but three other files were missed.

References (6)

Core 6

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-358243 | lm-sys fastchat Arena Side-by-Side View add_text control flow

https://vuldb.com/vuln/358243

Signature, Permissions Required signature permissions-required

VDB-358243 | CTI Indicators (IOB, IOC, IOA)

https://vuldb.com/vuln/358243/cti

Third Party Advisory third-party-advisory

Submit #792228 | LM-Sys FastChat <= 0.2.36 Content Moderation Bypass (CWE-670)

https://vuldb.com/submit/792228

Issue Tracking issue-tracking

https://github.com/lm-sys/FastChat/issues/3834

Exploit exploit

https://gist.github.com/YLChen-007/e45039d23e698222d887ee09735d9d36

Product product

https://github.com/lm-sys/FastChat/

Scores

CVSS v3 5.3

EPSS 0.0031

EPSS Percentile 22.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-670

Status published

Products (38)

lm-sys/fastchat 0.2.0

lm-sys/fastchat 0.2.1

lm-sys/fastchat 0.2.10

lm-sys/fastchat 0.2.11

lm-sys/fastchat 0.2.12

lm-sys/fastchat 0.2.13

lm-sys/fastchat 0.2.14

lm-sys/fastchat 0.2.15

lm-sys/fastchat 0.2.16

lm-sys/fastchat 0.2.17

... and 28 more

Published Apr 20, 2026

Tracked Since Apr 20, 2026