CVE-2026-6608

Summary

A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was fixed in commit 34eca62 for gradio_block_arena_named.py, but three other files were missed.

Affected Software

VendorProductVersion RangeStatus
lm-sysfastchat0.2.0affected
lm-sysfastchat0.2.1affected
lm-sysfastchat0.2.2affected
lm-sysfastchat0.2.3affected
lm-sysfastchat0.2.4affected
lm-sysfastchat0.2.5affected
lm-sysfastchat0.2.6affected
lm-sysfastchat0.2.7affected
lm-sysfastchat0.2.8affected
lm-sysfastchat0.2.9affected
lm-sysfastchat0.2.10affected
lm-sysfastchat0.2.11affected
lm-sysfastchat0.2.12affected
lm-sysfastchat0.2.13affected
lm-sysfastchat0.2.14affected
lm-sysfastchat0.2.15affected
lm-sysfastchat0.2.16affected
lm-sysfastchat0.2.17affected
lm-sysfastchat0.2.18affected
lm-sysfastchat0.2.19affected
lm-sysfastchat0.2.20affected
lm-sysfastchat0.2.21affected
lm-sysfastchat0.2.22affected
lm-sysfastchat0.2.23affected
lm-sysfastchat0.2.24affected
lm-sysfastchat0.2.25affected
lm-sysfastchat0.2.26affected
lm-sysfastchat0.2.27affected
lm-sysfastchat0.2.28affected
lm-sysfastchat0.2.29affected
lm-sysfastchat0.2.30affected
lm-sysfastchat0.2.31affected
lm-sysfastchat0.2.32affected
lm-sysfastchat0.2.33affected
lm-sysfastchat0.2.34affected
lm-sysfastchat0.2.35affected
lm-sysfastchat0.2.36affected

Weaknesses

  • CWE-670: Incorrect Control Flow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References