Project Subscriptions
No data.
No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Wed, 15 Jul 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 15 Jul 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | GPUStack through 2.2.1, fixed in commit 4e20551, contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to access sensitive inference logs and modify worker configuration by exploiting unprotected /serveLogs and /debug endpoints on the worker port. Attackers can enumerate model instance IDs to stream serving logs containing prompts and completions, change log levels, and read memory profiling data without any authentication. | |
| Title | GPUStack Unauthenticated Information Disclosure via Worker Endpoints | |
| Weaknesses | CWE-306 | |
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-15T18:12:23.313Z
Reserved: 2026-07-01T21:54:37.946Z
Link: CVE-2026-58658
Updated: 2026-07-15T18:12:18.395Z
No data.
No data.
OpenCVE Enrichment
No data.