CVE-2026-6588 | serge-chat serge up to 1.4TB Model API Endpoint model.py download_model/delete_model missing authentication

Inserito da Angelo Barbosa | Apr 19, 2026 | CVE

A vulnerability was found in serge-chat serge up to 1.4TB and classified as critical. The impacted element is the function download_model/delete_model of the file api/src/serge/routers/model.py of the component Model API Endpoint. Executing a manipulation can lead to missing authentication.

This vulnerability is tracked as CVE-2026-6588. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-6588 | serge-chat serge up to 1.4TB Model API Endpoint model.py download_model/delete_model missing authentication

Post correlati

CVE-2025-26911 | Bowo System Dashboard Plugin up to 2.8.18 on WordPress exposure of sensitive system information to an unauthorized control sphere

CVE-2023-32264 | OpenText Documentum D2 up to 23.2 missing origin validation in websockets (KB0799355)

CVE-2024-9214 | Extra Product Options Builder for WooCommerce Plugin cross site scripting

CVE-2025-5111 | FreeFloat FTP Server 1.0 TYPE Command buffer overflow