{"id":"CVE-2026-6608","summary":"lm-sys fastchat Arena Side-by-Side View add_text control flow","details":"A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was fixed in commit 34eca62 for gradio_block_arena_named.py, but three other files were missed.","aliases":["GHSA-f3q6-69f3-vwch"],"modified":"2026-07-08T08:13:49.307470652Z","published":"2026-04-20T05:15:12.337Z","database_specific":{"cwe_ids":["CWE-670"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/6xxx/CVE-2026-6608.json","unresolved_ranges":[{"extracted_events":[{"introduced":"0.2.0"},{"last_affected":"0.2.0"},{"introduced":"0.2.2"},{"last_affected":"0.2.2"},{"introduced":"0.2.4"},{"last_affected":"0.2.4"},{"introduced":"0.2.6"},{"last_affected":"0.2.6"},{"introduced":"0.2.7"},{"last_affected":"0.2.7"},{"introduced":"0.2.8"},{"last_affected":"0.2.8"},{"introduced":"0.2.10"},{"last_affected":"0.2.10"},{"introduced":"0.2.11"},{"last_affected":"0.2.11"},{"introduced":"0.2.12"},{"last_affected":"0.2.12"},{"introduced":"0.2.13"},{"last_affected":"0.2.13"},{"introduced":"0.2.15"},{"last_affected":"0.2.15"},{"introduced":"0.2.16"},{"last_affected":"0.2.16"},{"introduced":"0.2.17"},{"last_affected":"0.2.17"},{"introduced":"0.2.19"},{"last_affected":"0.2.19"},{"introduced":"0.2.20"},{"last_affected":"0.2.20"}],"source":"AFFECTED_FIELD"}],"cna_assigner":"VulDB"},"references":[{"type":"WEB","url":"https://github.com/lm-sys/FastChat/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/6xxx/CVE-2026-6608.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6608"},{"type":"ADVISORY","url":"https://vuldb.com/submit/792228"},{"type":"ADVISORY","url":"https://vuldb.com/vuln/358243"},{"type":"REPORT","url":"https://github.com/lm-sys/FastChat/issues/3834"},{"type":"REPORT","url":"https://vuldb.com/vuln/358243/cti"},{"type":"EVIDENCE","url":"https://gist.github.com/YLChen-007/e45039d23e698222d887ee09735d9d36"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/lm-sys/fastchat","events":[{"introduced":"074f0b18155a81158dacbcba7db68807d14cb471"},{"last_affected":"b21d0f780ca4472a13714262a0790f2ee1ade659"}],"database_specific":{"extracted_events":[{"introduced":"0.2.1"},{"last_affected":"0.2.1"},{"introduced":"0.2.3"},{"last_affected":"0.2.3"},{"introduced":"0.2.5"},{"last_affected":"0.2.5"},{"introduced":"0.2.9"},{"last_affected":"0.2.9"},{"introduced":"0.2.14"},{"last_affected":"0.2.14"},{"introduced":"0.2.18"},{"last_affected":"0.2.18"},{"introduced":"0.2.21"},{"last_affected":"0.2.21"},{"introduced":"0.2.22"},{"last_affected":"0.2.22"},{"introduced":"0.2.23"},{"last_affected":"0.2.23"},{"introduced":"0.2.24"},{"last_affected":"0.2.24"},{"introduced":"0.2.25"},{"last_affected":"0.2.25"},{"introduced":"0.2.26"},{"last_affected":"0.2.26"},{"introduced":"0.2.27"},{"last_affected":"0.2.27"},{"introduced":"0.2.28"},{"last_affected":"0.2.28"},{"introduced":"0.2.29"},{"last_affected":"0.2.29"},{"introduced":"0.2.30"},{"last_affected":"0.2.30"},{"introduced":"0.2.31"},{"last_affected":"0.2.31"},{"introduced":"0.2.32"},{"last_affected":"0.2.32"},{"introduced":"0.2.33"},{"last_affected":"0.2.33"},{"introduced":"0.2.34"},{"last_affected":"0.2.34"},{"introduced":"0.2.35"},{"last_affected":"0.2.35"},{"introduced":"0.2.36"},{"last_affected":"0.2.36"}],"source":"AFFECTED_FIELD"}}],"versions":["0.2.1","0.2.14","0.2.18","0.2.21","0.2.22","0.2.23","0.2.24","0.2.25","0.2.26","0.2.27","0.2.28","0.2.29","0.2.3","0.2.30","0.2.31","0.2.32","0.2.33","0.2.34","0.2.35","0.2.36","0.2.5","0.2.9","v0.2.36","v0.2.35","v0.2.34","v0.2.33","v0.2.32","v0.2.31","v0.2.30","v0.2.29","v0.2.28","v0.2.27","v0.2.26","v0.2.25","v0.2.23","v0.2.22","v0.2.21","v0.2.18","v0.2.14","v0.2.9","v0.2.5","v0.2.3","v0.2.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-6608.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"}]}