CVE-2026-15574: A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorizat
Summary
A flaw in the vllm-orchestrator-gateway component (a system that manages requests to AI language models) logs sensitive information like authorization headers (credentials that prove who you are), bearer tokens (temporary access passwords), and full chat conversations to persistent logs (files stored on disk). Any user with access to the logging system can read this data, which may include personally identifiable information (PII, such as names or account details) and secrets, allowing attackers to steal credentials and private conversation content.
Vulnerability Details
7.5(high)
EPSS: 0.3%
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
network
low
none
none
July 13, 2026
Classification
Affected Vendors
Related Issues
GHSA-382c-vx95-w3p5: Gittensory: Missing contributor-scoped access control on profile endpoint and MCP tool leaks miner financial data
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-15574
First tracked: July 13, 2026 at 02:09 PM
Classified by LLM (prompt v3) · confidence: 92%