{"data":{"id":"ecfc61b2-3cfb-455e-9718-ffdc8d4db6e7","title":"CVE-2026-6608: A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena S","summary":"A vulnerability (CVE-2026-6608) was found in lm-sys fastchat up to version 0.2.36 in the add_text function of the Arena Side-by-Side View Handler component, which allows incorrect control flow (improper program execution logic) that can be exploited remotely. The root cause was partially fixed in commit 34eca62 for one file, but three other files containing the same issue were not corrected.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-6608","publishedAt":"2026-04-20T06:16:21.733Z","cveId":"CVE-2026-6608","cweIds":["CWE-670"],"cvssScore":"5.3","cvssSeverity":"medium","severity":"medium","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["lm-sys","FastChat","Gradio"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-20T06:16:21.733Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}