CVE-2026-6608

Source
https://cve.org/CVERecord?id=CVE-2026-6608
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-6608.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-6608
Aliases
Published
2026-04-20T05:15:12.337Z
Modified
2026-07-08T08:13:49.307470652Z
Severity
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
lm-sys fastchat Arena Side-by-Side View add_text control flow
Details

A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function addtext of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was fixed in commit 34eca62 for gradioblockarenanamed.py, but three other files were missed.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/6xxx/CVE-2026-6608.json",
    "cwe_ids": [
        "CWE-670"
    ],
    "cna_assigner": "VulDB",
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "0.2.0"
                },
                {
                    "last_affected": "0.2.0"
                },
                {
                    "introduced": "0.2.2"
                },
                {
                    "last_affected": "0.2.2"
                },
                {
                    "introduced": "0.2.4"
                },
                {
                    "last_affected": "0.2.4"
                },
                {
                    "introduced": "0.2.6"
                },
                {
                    "last_affected": "0.2.6"
                },
                {
                    "introduced": "0.2.7"
                },
                {
                    "last_affected": "0.2.7"
                },
                {
                    "introduced": "0.2.8"
                },
                {
                    "last_affected": "0.2.8"
                },
                {
                    "introduced": "0.2.10"
                },
                {
                    "last_affected": "0.2.10"
                },
                {
                    "introduced": "0.2.11"
                },
                {
                    "last_affected": "0.2.11"
                },
                {
                    "introduced": "0.2.12"
                },
                {
                    "last_affected": "0.2.12"
                },
                {
                    "introduced": "0.2.13"
                },
                {
                    "last_affected": "0.2.13"
                },
                {
                    "introduced": "0.2.15"
                },
                {
                    "last_affected": "0.2.15"
                },
                {
                    "introduced": "0.2.16"
                },
                {
                    "last_affected": "0.2.16"
                },
                {
                    "introduced": "0.2.17"
                },
                {
                    "last_affected": "0.2.17"
                },
                {
                    "introduced": "0.2.19"
                },
                {
                    "last_affected": "0.2.19"
                },
                {
                    "introduced": "0.2.20"
                },
                {
                    "last_affected": "0.2.20"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/lm-sys/fastchat

Affected ranges

Type
GIT
Repo
https://github.com/lm-sys/fastchat
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0.2.1"
        },
        {
            "last_affected": "0.2.1"
        },
        {
            "introduced": "0.2.3"
        },
        {
            "last_affected": "0.2.3"
        },
        {
            "introduced": "0.2.5"
        },
        {
            "last_affected": "0.2.5"
        },
        {
            "introduced": "0.2.9"
        },
        {
            "last_affected": "0.2.9"
        },
        {
            "introduced": "0.2.14"
        },
        {
            "last_affected": "0.2.14"
        },
        {
            "introduced": "0.2.18"
        },
        {
            "last_affected": "0.2.18"
        },
        {
            "introduced": "0.2.21"
        },
        {
            "last_affected": "0.2.21"
        },
        {
            "introduced": "0.2.22"
        },
        {
            "last_affected": "0.2.22"
        },
        {
            "introduced": "0.2.23"
        },
        {
            "last_affected": "0.2.23"
        },
        {
            "introduced": "0.2.24"
        },
        {
            "last_affected": "0.2.24"
        },
        {
            "introduced": "0.2.25"
        },
        {
            "last_affected": "0.2.25"
        },
        {
            "introduced": "0.2.26"
        },
        {
            "last_affected": "0.2.26"
        },
        {
            "introduced": "0.2.27"
        },
        {
            "last_affected": "0.2.27"
        },
        {
            "introduced": "0.2.28"
        },
        {
            "last_affected": "0.2.28"
        },
        {
            "introduced": "0.2.29"
        },
        {
            "last_affected": "0.2.29"
        },
        {
            "introduced": "0.2.30"
        },
        {
            "last_affected": "0.2.30"
        },
        {
            "introduced": "0.2.31"
        },
        {
            "last_affected": "0.2.31"
        },
        {
            "introduced": "0.2.32"
        },
        {
            "last_affected": "0.2.32"
        },
        {
            "introduced": "0.2.33"
        },
        {
            "last_affected": "0.2.33"
        },
        {
            "introduced": "0.2.34"
        },
        {
            "last_affected": "0.2.34"
        },
        {
            "introduced": "0.2.35"
        },
        {
            "last_affected": "0.2.35"
        },
        {
            "introduced": "0.2.36"
        },
        {
            "last_affected": "0.2.36"
        }
    ]
}

Affected versions

0.*
0.2.1
0.2.14
0.2.18
0.2.21
0.2.22
0.2.23
0.2.24
0.2.25
0.2.26
0.2.27
0.2.28
0.2.29
0.2.3
0.2.30
0.2.31
0.2.32
0.2.33
0.2.34
0.2.35
0.2.36
0.2.5
0.2.9
v0.*
v0.2.1
v0.2.14
v0.2.18
v0.2.21
v0.2.22
v0.2.23
v0.2.25
v0.2.26
v0.2.27
v0.2.28
v0.2.29
v0.2.3
v0.2.30
v0.2.31
v0.2.32
v0.2.33
v0.2.34
v0.2.35
v0.2.36
v0.2.5
v0.2.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-6608.json"