PT-2026-33713 · Lmsys · Fastchat

Eric-F · Published 2026-04-20 · Updated 2026-04-20 · CVE-2026-6607

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

lm-sys fastchat versions prior to 0.2.37

Description

A flaw in the Worker API Endpoint allows remote attackers to cause resource consumption through the manipulation of the api generate() function.

Recommendations

Install the patch provided in commit c9e84b89c91d45191dc24466888de526fa04cf33. As a temporary workaround, restrict access to the api generate() function to minimize the risk of resource exhaustion.

Exploit

Fix

Resource Exhaustion

Improper Resource Release

Weakness Enumeration

Related Identifiers

CVE-2026-6607
GHSA-5H65-JX66-J7P5

Affected Products

Fastchat