CVE-2026-6607 | lm-sys fastchat up to 0.2.36 Worker API Endpoint api_generate resource consumption (Issue 3833)

Inserito da Angelo Barbosa | Apr 19, 2026 | CVE

A vulnerability identified as problematic has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function api_generate of the component Worker API Endpoint. The manipulation leads to resource consumption.

This vulnerability is documented as CVE-2026-6607. The attack can be initiated remotely. Additionally, an exploit exists.

It is suggested to install a patch to address this issue.

Commit ff66426 patched this issue in api_generate of base_model_worker.py and did miss other entry points.

CVE-2026-6607 | lm-sys fastchat up to 0.2.36 Worker API Endpoint api_generate resource consumption (Issue 3833)

Post correlati

CVE-2025-46657 | Karaz Karazal up to 2025-04-14 Default URI lang cross site scripting

CVE-2024-20252 | Cisco TelePresence Video Communication Server Expressway cross-site request forgery (cisco-sa-expressway-csrf-KnnZDMj3)

CVE-2024-53227 | Linux Kernel up to 6.12.1 scsi bfad_im_module_exit use after free

CVE-2025-7453 | saltbo zpan up to 1.6.5/1.7.0-beta2 JSON Web Token token.go NewToken hard-coded password (Issue 219)