Skip to main content

vllm-orchestrator-gateway CVE-2026-15574

| EUVDEUVD-2026-43310 HIGH
Insertion of Sensitive Information into Externally-Accessible File (CWE-538)
2026-07-13 redhat GHSA-fgpg-f5rm-p28p
7.5
CVSS 3.1 · Vendor: redhat
Share

Severity by source

Vendor (redhat) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
5.5 MEDIUM

Disclosure requires authorized read access to logs, so PR:L and AV:L rather than network/unauthenticated; confidentiality-only impact means I:N and A:N.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jul 13, 2026 - 09:02 vuln.today
CVE Published
Jul 13, 2026 - 08:01 cve.org
HIGH 7.5

DescriptionCVE.org

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information (PII) and secrets, to persistent logs. This sensitive data, including bearer tokens and chat content, can be accessed by any user with logging privileges. This vulnerability leads to information disclosure, potentially allowing an attacker to harvest credentials and sensitive conversation content.

AnalysisAI

Sensitive information disclosure in Red Hat OpenShift AI's vllm-orchestrator-gateway component exposes bearer tokens and full chat payloads because the production binary writes all incoming Authorization headers and complete request bodies to persistent logs. Any user holding logging privileges can read these logs to harvest live credentials and potentially PII-laden conversation content. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain log-viewer access to gateway logs
Delivery
Locate Authorization headers and chat payloads
Exploit
Extract bearer tokens and PII
Execution
Replay tokens to impersonate callers
Impact
Exfiltrate conversation content

Vulnerability AssessmentAI

Exploitation Exploitation requires read access to the persistent logs produced by the vllm-orchestrator-gateway production binary - i.e., 'logging privileges' such as OpenShift log-viewer RBAC, access to the container's stdout/log volume, or access to the downstream aggregation backend (Loki/EFK). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The published CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N = 7.5, High) models this as a remote, unauthenticated confidentiality breach, but that framing conflicts with the description, which states the data is exposed only to a 'user with logging privileges' - an authenticated, authorized insider or a compromised log-reader account, not an anonymous network attacker. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An SRE, platform operator, or a service account scoped to the logging stack opens the aggregated gateway logs and reads plaintext Authorization: Bearer tokens alongside full chat prompts and responses. They replay a harvested token against the LLM API to impersonate legitimate callers and exfiltrate the captured PII-bearing conversation content. …
Remediation No vendor-released patch version is identified in the available data; monitor the Red Hat advisory (https://access.redhat.com/security/cve/CVE-2026-15574) and Bugzilla 2499594 (https://bugzilla.redhat.com/show_bug.cgi?id=2499594) for the fixing errata and apply it once published. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit vllm-orchestrator-gateway logging access controls to identify privileged users; review logs for suspicious access patterns and begin credential inventory. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-15574 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy