<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>GPUStack &lt;= 2.2.1 - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/gpustack--2.2.1/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Wed, 15 Jul 2026 18:22:07 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/gpustack--2.2.1/feed.xml" rel="self" type="application/rss+xml"/><item><title>Unauthenticated Information Disclosure in GPUStack</title><link>https://feed.craftedsignal.io/briefs/2026-07-gpustack-info-disclosure/</link><pubDate>Wed, 15 Jul 2026 18:22:07 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-gpustack-info-disclosure/</guid><description>An unauthenticated information disclosure vulnerability, CVE-2026-58658, in GPUStack through version 2.2.1 allows attackers to access sensitive inference logs containing prompts and completions and modify worker configurations by exploiting unprotected /serveLogs and /debug endpoints.</description><content:encoded><![CDATA[<p>CVE-2026-58658 details an unauthenticated information disclosure vulnerability in GPUStack versions up to and including 2.2.1, which was addressed in commit 4e20551. This vulnerability allows remote, unauthenticated attackers to gain unauthorized access to sensitive operational data and configuration settings. By exploiting unprotected <code>/serveLogs</code> and <code>/debug</code> endpoints on the worker port, attackers can enumerate model instance IDs to stream highly sensitive inference logs containing proprietary prompts and completions. Furthermore, they can alter log levels and read memory profiling data, potentially leading to disruption of service or leakage of confidential information. This flaw presents a significant risk to organizations using GPUStack for machine learning inference, as it could expose intellectual property and operational details.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>Attacker identifies a vulnerable GPUStack instance (version 2.2.1 or earlier) with its worker port exposed.</li>
<li>Attacker sends an unauthenticated HTTP GET request to the <code>/serveLogs</code> endpoint on the worker port to enumerate available model instance IDs.</li>
<li>Using the identified model instance IDs, the attacker sends further unauthenticated HTTP GET requests to <code>/serveLogs</code> to stream sensitive inference logs, which contain prompts and completions.</li>
<li>Concurrently, the attacker sends unauthenticated HTTP GET requests to the <code>/debug</code> endpoint to read memory profiling data, potentially uncovering system architectural details.</li>
<li>The attacker leverages the <code>/debug</code> endpoint with unauthenticated HTTP POST/PUT requests to modify worker configuration settings, such as altering log levels, which could impact operational integrity or aid further reconnaissance.</li>
<li>The attacker successfully exfiltrates sensitive inference data and potentially disrupts or reconfigures the GPUStack worker.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-58658 results in unauthorized access to highly sensitive information, including machine learning model prompts and completions, which can reveal proprietary business logic, intellectual property, or confidential user data. Attackers can also read memory profiling data, potentially gaining insights into the application's internal workings and infrastructure. Furthermore, the ability to modify worker configurations via the <code>/debug</code> endpoint could lead to denial of service, service degradation, or facilitate further malicious activities on the compromised system. The CVSS v3.1 Base Score of 8.2 indicates a high severity threat, with potential for significant data loss and operational disruption.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Patch CVE-2026-58658 by upgrading GPUStack to a version beyond 2.2.1 (fixed in commit 4e20551) immediately.</li>
<li>Deploy the Sigma rule provided in this brief to your SIEM to detect unauthenticated access attempts to the <code>/serveLogs</code> and <code>/debug</code> endpoints.</li>
<li>Enable comprehensive web server logging for all GPUStack instances to capture detailed HTTP request information, including URI stems, methods, and status codes.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>information-disclosure</category><category>vulnerability</category><category>web-application</category></item></channel></rss>