Information Disclosure Vulnerability in vllm-orchestrator-gateway by Red Hat
CVE-2026-15574

7.5HIGH

Key Information:

Vendor

Red Hat

Vendor
CVE Published:
13 July 2026

What is CVE-2026-15574?

A security flaw has been identified in the vllm-orchestrator-gateway component where the system's production binary improperly logs all incoming authorization headers and entire chat payloads to persistent logs. This misconfiguration exposes sensitive data, including personally identifiable information (PII), bearer tokens, and chat content, to any user with access to these logs. Consequently, this could allow unauthorized users to harvest sensitive credentials and confidential conversations, raising significant privacy and security concerns.

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.