CWE-670
Always-Incorrect Control Flow Implementation
The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.
CVE-2026-40960 (GCVE-0-2026-40960)
Vulnerability from cvelistv5 – Published: 2026-04-16 00:54 – Updated: 2026-04-16 12:31
VLAI
Summary
Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trusted_mods or secure.http_mods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-670 - Always-Incorrect Control Flow Implementation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-16T12:22:19.771370Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T12:31:57.082Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Luanti",
"vendor": "Luanti",
"versions": [
{
"lessThan": "5.15.2",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trusted_mods or secure.http_mods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670 Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T01:20:26.427Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/luanti-org/luanti/security/advisories/GHSA-22c4-238c-m5j4"
},
{
"url": "https://github.com/luanti-org/luanti/commit/0faf529bc4b89e70a275ed1162047815118f2413"
},
{
"url": "https://github.com/luanti-org/luanti/commit/827fd4cf7f989482b2dad381fa4afd642ea73e8c"
}
],
"x_generator": {
"engine": "CVE-Request-form 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-40960",
"datePublished": "2026-04-16T00:54:45.935Z",
"dateReserved": "2026-04-16T00:54:45.558Z",
"dateUpdated": "2026-04-16T12:31:57.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41527 (GCVE-0-2026-41527)
Vulnerability from cvelistv5 – Published: 2026-04-21 00:00 – Updated: 2026-04-22 15:35
VLAI
Summary
KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there is an error in the mechanism (KUniqueService) for ensuring that only one instance is running.
Severity
6.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-670 - Always-Incorrect Control Flow Implementation
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41527",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-22T12:58:38.651028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T15:35:24.571Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Kleopatra",
"vendor": "KDE",
"versions": [
{
"lessThan": "26.08.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there is an error in the mechanism (KUniqueService) for ensuring that only one instance is running."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670 Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T21:19:44.293Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/KDE/kleopatra/releases"
},
{
"url": "https://commits.kde.org/kleopatra/73471abb92d99c56354adb582bfaec2764c22b79"
},
{
"url": "https://kde.org/info/security/advisory-20260408-1.txt"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-41527",
"datePublished": "2026-04-21T00:00:00.000Z",
"dateReserved": "2026-04-20T00:00:00.000Z",
"dateUpdated": "2026-04-22T15:35:24.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41988 (GCVE-0-2026-41988)
Vulnerability from cvelistv5 – Published: 2026-04-23 04:00 – Updated: 2026-04-23 16:22
VLAI
Summary
uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by this issue.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-670 - Always-Incorrect Control Flow Implementation
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41988",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-23T14:48:49.689201Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T16:22:56.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/uuid",
"product": "uuid",
"vendor": "uuidjs",
"versions": [
{
"lessThan": "14.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670 Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T05:10:10.422Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq"
},
{
"url": "https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34"
}
],
"x_generator": {
"engine": "CVE-Request-form 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-41988",
"datePublished": "2026-04-23T04:00:54.960Z",
"dateReserved": "2026-04-23T04:00:54.532Z",
"dateUpdated": "2026-04-23T16:22:56.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44928 (GCVE-0-2026-44928)
Vulnerability from cvelistv5 – Published: 2026-05-08 07:15 – Updated: 2026-05-10 05:45
VLAI
Summary
In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-670 - Always-Incorrect Control Flow Implementation
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44928",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-08T12:48:46.175917Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T12:49:01.200Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "uriparser",
"vendor": "uriparser",
"versions": [
{
"lessThan": "1.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670 Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-10T05:45:32.602Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/uriparser/uriparser/pull/305"
}
],
"x_generator": {
"engine": "CVE-Request-form 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-44928",
"datePublished": "2026-05-08T07:15:28.378Z",
"dateReserved": "2026-05-08T07:15:27.989Z",
"dateUpdated": "2026-05-10T05:45:32.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48844 (GCVE-0-2026-48844)
Vulnerability from cvelistv5 – Published: 2026-05-25 19:14 – Updated: 2026-05-26 12:48
VLAI
Summary
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. (Support for code evaluation has been removed in 1.6.16 and 1.7.1.)
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-670 - Always-Incorrect Control Flow Implementation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48844",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T12:47:59.328236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T12:48:17.535Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Webmail",
"vendor": "Roundcube",
"versions": [
{
"lessThan": "1.6.16",
"status": "affected",
"version": "1.6.0",
"versionType": "semver"
},
{
"lessThan": "1.7.1",
"status": "affected",
"version": "1.7.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.6.16",
"versionStartIncluding": "1.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.7.1",
"versionStartIncluding": "1.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. (Support for code evaluation has been removed in 1.6.16 and 1.7.1.)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670 Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T19:14:48.753Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1"
},
{
"url": "https://github.com/roundcube/roundcubemail/releases/tag/1.7.1"
},
{
"url": "https://github.com/roundcube/roundcubemail/commit/6a777d7394b763ce9acfce86c1a521e14a02d862"
},
{
"url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.16"
},
{
"url": "https://github.com/roundcube/roundcubemail/commit/ea1798a6fbf060abcc0ba73b2435036bf8016a5a"
}
],
"x_generator": {
"engine": "CVE-Request-form 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-48844",
"datePublished": "2026-05-25T19:14:48.753Z",
"dateReserved": "2026-05-25T19:14:48.252Z",
"dateUpdated": "2026-05-26T12:48:17.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6608 (GCVE-0-2026-6608)
Vulnerability from cvelistv5 – Published: 2026-04-20 05:15 – Updated: 2026-04-20 14:57
VLAI
Title
lm-sys fastchat Arena Side-by-Side View add_text control flow
Summary
A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was fixed in commit 34eca62 for gradio_block_arena_named.py, but three other files were missed.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-670 - Incorrect Control Flow
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/358243 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/358243/cti | signaturepermissions-required |
| https://vuldb.com/submit/792228 | third-party-advisory |
| https://github.com/lm-sys/FastChat/issues/3834 | issue-tracking |
| https://gist.github.com/YLChen-007/e45039d23e6982… | exploit |
| https://github.com/lm-sys/FastChat/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| lm-sys | fastchat |
Affected:
0.2.0
Affected: 0.2.1 Affected: 0.2.2 Affected: 0.2.3 Affected: 0.2.4 Affected: 0.2.5 Affected: 0.2.6 Affected: 0.2.7 Affected: 0.2.8 Affected: 0.2.9 Affected: 0.2.10 Affected: 0.2.11 Affected: 0.2.12 Affected: 0.2.13 Affected: 0.2.14 Affected: 0.2.15 Affected: 0.2.16 Affected: 0.2.17 Affected: 0.2.18 Affected: 0.2.19 Affected: 0.2.20 Affected: 0.2.21 Affected: 0.2.22 Affected: 0.2.23 Affected: 0.2.24 Affected: 0.2.25 Affected: 0.2.26 Affected: 0.2.27 Affected: 0.2.28 Affected: 0.2.29 Affected: 0.2.30 Affected: 0.2.31 Affected: 0.2.32 Affected: 0.2.33 Affected: 0.2.34 Affected: 0.2.35 Affected: 0.2.36 cpe:2.3:a:lm-sys:fastchat:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6608",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T14:57:43.886595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T14:57:55.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:lm-sys:fastchat:*:*:*:*:*:*:*:*"
],
"modules": [
"Arena Side-by-Side View Handler"
],
"product": "fastchat",
"vendor": "lm-sys",
"versions": [
{
"status": "affected",
"version": "0.2.0"
},
{
"status": "affected",
"version": "0.2.1"
},
{
"status": "affected",
"version": "0.2.2"
},
{
"status": "affected",
"version": "0.2.3"
},
{
"status": "affected",
"version": "0.2.4"
},
{
"status": "affected",
"version": "0.2.5"
},
{
"status": "affected",
"version": "0.2.6"
},
{
"status": "affected",
"version": "0.2.7"
},
{
"status": "affected",
"version": "0.2.8"
},
{
"status": "affected",
"version": "0.2.9"
},
{
"status": "affected",
"version": "0.2.10"
},
{
"status": "affected",
"version": "0.2.11"
},
{
"status": "affected",
"version": "0.2.12"
},
{
"status": "affected",
"version": "0.2.13"
},
{
"status": "affected",
"version": "0.2.14"
},
{
"status": "affected",
"version": "0.2.15"
},
{
"status": "affected",
"version": "0.2.16"
},
{
"status": "affected",
"version": "0.2.17"
},
{
"status": "affected",
"version": "0.2.18"
},
{
"status": "affected",
"version": "0.2.19"
},
{
"status": "affected",
"version": "0.2.20"
},
{
"status": "affected",
"version": "0.2.21"
},
{
"status": "affected",
"version": "0.2.22"
},
{
"status": "affected",
"version": "0.2.23"
},
{
"status": "affected",
"version": "0.2.24"
},
{
"status": "affected",
"version": "0.2.25"
},
{
"status": "affected",
"version": "0.2.26"
},
{
"status": "affected",
"version": "0.2.27"
},
{
"status": "affected",
"version": "0.2.28"
},
{
"status": "affected",
"version": "0.2.29"
},
{
"status": "affected",
"version": "0.2.30"
},
{
"status": "affected",
"version": "0.2.31"
},
{
"status": "affected",
"version": "0.2.32"
},
{
"status": "affected",
"version": "0.2.33"
},
{
"status": "affected",
"version": "0.2.34"
},
{
"status": "affected",
"version": "0.2.35"
},
{
"status": "affected",
"version": "0.2.36"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-f (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was fixed in commit 34eca62 for gradio_block_arena_named.py, but three other files were missed."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "Incorrect Control Flow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T05:15:12.337Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-358243 | lm-sys fastchat Arena Side-by-Side View add_text control flow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/358243"
},
{
"name": "VDB-358243 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/358243/cti"
},
{
"name": "Submit #792228 | LM-Sys FastChat \u003c= 0.2.36 Content Moderation Bypass (CWE-670)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/792228"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/lm-sys/FastChat/issues/3834"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/YLChen-007/e45039d23e698222d887ee09735d9d36"
},
{
"tags": [
"product"
],
"url": "https://github.com/lm-sys/FastChat/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-19T18:04:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "lm-sys fastchat Arena Side-by-Side View add_text control flow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-6608",
"datePublished": "2026-04-20T05:15:12.337Z",
"dateReserved": "2026-04-19T15:59:43.122Z",
"dateUpdated": "2026-04-20T14:57:55.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.