Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function download_model/delete_model of the file api/src/serge/routers/model.py of the component Model API Endpoint. Executing a manipulation can lead to missing authentication. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Missing authentication in serge-chat serge up to version 1.4TB allows unauthenticated remote attackers to manipulate the download_model and delete_model API endpoints, enabling unauthorized model file deletion and modification through the Model API Endpoint in api/src/serge/routers/model.py. The vulnerability is confirmed to have publicly available exploit code and represents a direct authentication bypass with integrity and availability impact. The vendor did not respond to early disclosure notification.
Technical ContextAI
The vulnerability exists in the Model API Endpoint component of serge-chat, specifically in the download_model and delete_model functions within api/src/serge/routers/model.py. These endpoints are responsible for managing machine learning model files in the serge application. The underlying issue is classified as CWE-306 (Missing Authentication for Critical Function), meaning the API endpoints fail to validate user identity before processing requests that modify or delete critical model assets. The attack surface is the HTTP API layer itself, which accepts network requests without requiring authentication tokens, session validation, or authorization checks. An attacker can directly invoke these functions over the network with crafted HTTP requests, bypassing intended access controls.
RemediationAI
Immediate action: update serge-chat serge to a version newer than 1.4TB if available from the official repository. As the vendor has not responded to disclosure notification, check the serge-chat GitHub repository (github.com/serge-chat/serge) for any available patches or security releases. If no patched version is available, implement the following compensating controls: (1) Deploy serge behind a reverse proxy or API gateway that enforces authentication for all requests to /api/*/download_model and /api/*/delete_model endpoints, injecting valid authentication tokens or session headers before forwarding to the backend serge instance; (2) Use firewall or network ACL rules to restrict access to the serge API port to only trusted internal networks or specific IP addresses, blocking direct remote access; (3) Disable or remove the download_model and delete_model endpoints entirely if not in active use, by modifying the routers configuration or deploying a wrapper that returns 403 Forbidden for these paths; (4) Implement rate limiting at the network edge to mitigate automated attacks against model deletion operations. Trade-offs include operational overhead from authentication layer management and potential functionality loss if endpoints are disabled. Monitor serge releases at https://vuldb.com/vuln/358223 for vendor patches.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23729
GHSA-chp8-j7m4-jf28