{"data":{"id":"c657464e-18fe-44a6-a9b7-05cae8a83284","title":"CVE-2026-15574: A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorizat","summary":"A flaw in the vllm-orchestrator-gateway component (a system that manages requests to AI language models) logs sensitive information like authorization headers (credentials that prove who you are), bearer tokens (temporary access passwords), and full chat conversations to persistent logs (files stored on disk). Any user with access to the logging system can read this data, which may include personally identifiable information (PII, such as names or account details) and secrets, allowing attackers to steal credentials and private conversation content.","solution":"N/A -- no mitigation discussed in source.","labels":["security","privacy"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-15574","publishedAt":"2026-07-13T09:16:24.550Z","cveId":"CVE-2026-15574","cweIds":["CWE-538"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["pii_leakage"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["vLLM","vllm-orchestrator-gateway"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0.00259,"patchAvailable":null,"disclosureDate":"2026-07-13T09:16:24.550Z","capecIds":["CAPEC-127"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality"],"aiComponentTargeted":"inference","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}