Skip to main content

Serge

1 CVEs product

Monthly

CVE-2026-6588 MEDIUM POC This Month

Missing authentication in serge-chat serge up to version 1.4TB allows unauthenticated remote attackers to manipulate the download_model and delete_model API endpoints, enabling unauthorized model file deletion and modification through the Model API Endpoint in api/src/serge/routers/model.py. The vulnerability is confirmed to have publicly available exploit code and represents a direct authentication bypass with integrity and availability impact. The vendor did not respond to early disclosure notification.

Authentication Bypass Serge
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Missing authentication in serge-chat serge up to version 1.4TB allows unauthenticated remote attackers to manipulate the download_model and delete_model API endpoints, enabling unauthorized model file deletion and modification through the Model API Endpoint in api/src/serge/routers/model.py. The vulnerability is confirmed to have publicly available exploit code and represents a direct authentication bypass with integrity and availability impact. The vendor did not respond to early disclosure notification.

Authentication Bypass Serge
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy