CVE-2026-6608 | lm-sys fastchat up to 0.2.36 Arena Side-by-Side View add_text control flow (Issue 3834)

Inserito da Angelo Barbosa | Apr 19, 2026 | CVE

A vulnerability labeled as problematic has been found in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow.

This vulnerability is reported as CVE-2026-6608. The attack can be launched remotely. Moreover, an exploit is present.

The root cause was fixed in commit 34eca62 for gradio_block_arena_named.py, but three other files were missed.

CVE-2026-6608 | lm-sys fastchat up to 0.2.36 Arena Side-by-Side View add_text control flow (Issue 3834)

Post correlati

CVE-2024-1899 | Showdownjs up to 2.1.0 Anchors Subparser denial of service

CVE-2024-22368 | Spreadsheet::ParseXLSX prior 0.28 on Perl XLSX Document resource consumption

CVE-2024-12104 | Visual Website Collaboration, Feedback & Project Management Plugin Project Page authorization

CVE-2023-54206 | Linux Kernel up to 6.3.2 fl_change initialization