CVE-2026-6608
lm-sys fastchat Arena Side-by-Side View add_text control flow
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was fixed in commit 34eca62 for gradio_block_arena_named.py, but three other files were missed.
| CWE | CWE-670 |
| Vendor | lm-sys |
| Product | fastchat |
| Published | Apr 20, 2026 |
Stay Ahead of the Next One
Get instant alerts for lm-sys fastchat
Be the first to know when new medium vulnerabilities affecting lm-sys fastchat are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
lm-sys / fastchat
0.2.0 0.2.1 0.2.2 0.2.3 0.2.4 0.2.5 0.2.6 0.2.7 0.2.8 0.2.9 0.2.10 0.2.11 0.2.12 0.2.13 0.2.14 0.2.15 0.2.16 0.2.17 0.2.18 0.2.19 0.2.20 0.2.21 0.2.22 0.2.23 0.2.24 0.2.25 0.2.26 0.2.27 0.2.28 0.2.29 0.2.30 0.2.31 0.2.32 0.2.33 0.2.34 0.2.35 0.2.36
References
vuldb.com: https://vuldb.com/vuln/358243 vuldb.com: https://vuldb.com/vuln/358243/cti vuldb.com: https://vuldb.com/submit/792228 github.com: https://github.com/lm-sys/FastChat/issues/3834 gist.github.com: https://gist.github.com/YLChen-007/e45039d23e698222d887ee09735d9d36 github.com: https://github.com/lm-sys/FastChat/
Credits
๐ Eric-f (VulDB User)