AI Threat Alert
CVE-2026-6608
MEDIUMA vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was...
Full CISO analysis pending enrichment.
Severity & Risk
Attack Surface
Recommended Action
No patch available
Monitor for updates. Consider compensating controls or temporary mitigations.
Compliance Impact
Compliance analysis pending. Sign in for full compliance mapping when available.
Frequently Asked Questions
What is CVE-2026-6608?
A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was fixed in commit 34eca62 for gradio_block_arena_named.py, but three other files were missed.
Is CVE-2026-6608 actively exploited?
No confirmed active exploitation of CVE-2026-6608 has been reported, but organizations should still patch proactively.
How to fix CVE-2026-6608?
No patch is currently available. Monitor vendor advisories for updates.
What is the CVSS score for CVE-2026-6608?
CVE-2026-6608 has a CVSS v3.1 base score of 5.3 (MEDIUM).
Technical Details
NVD Description
A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was fixed in commit 34eca62 for gradio_block_arena_named.py, but three other files were missed.
Weaknesses (CWE)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N