CVE-2026-6588 | serge-chat serge up to 1.4TB Model API Endpoint model.py download_model/delete_model missing authentication

A vulnerability was found in serge-chat serge up to 1.4TB and classified as critical. The impacted element is the function download_model/delete_model of the file api/src/serge/routers/model.py of the component Model API Endpoint. Executing a manipulation can lead to missing authentication.

This vulnerability is tracked as CVE-2026-6588. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More