Information Disclosure Vulnerability in vllm-orchestrator-gateway by Red Hat
CVE-2026-15574
7.5HIGH
What is CVE-2026-15574?
A security flaw has been identified in the vllm-orchestrator-gateway component where the system's production binary improperly logs all incoming authorization headers and entire chat payloads to persistent logs. This misconfiguration exposes sensitive data, including personally identifiable information (PII), bearer tokens, and chat content, to any user with access to these logs. Consequently, this could allow unauthorized users to harvest sensitive credentials and confidential conversations, raising significant privacy and security concerns.