{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/gpustack/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2026-58658"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["GPUStack \u003c= 2.2.1"],"_cs_severities":["high"],"_cs_tags":["information-disclosure","vulnerability","web-application"],"_cs_type":"advisory","_cs_vendors":["GPUStack"],"content_html":"\u003cp\u003eCVE-2026-58658 details an unauthenticated information disclosure vulnerability in GPUStack versions up to and including 2.2.1, which was addressed in commit 4e20551. This vulnerability allows remote, unauthenticated attackers to gain unauthorized access to sensitive operational data and configuration settings. By exploiting unprotected \u003ccode\u003e/serveLogs\u003c/code\u003e and \u003ccode\u003e/debug\u003c/code\u003e endpoints on the worker port, attackers can enumerate model instance IDs to stream highly sensitive inference logs containing proprietary prompts and completions. Furthermore, they can alter log levels and read memory profiling data, potentially leading to disruption of service or leakage of confidential information. This flaw presents a significant risk to organizations using GPUStack for machine learning inference, as it could expose intellectual property and operational details.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable GPUStack instance (version 2.2.1 or earlier) with its worker port exposed.\u003c/li\u003e\n\u003cli\u003eAttacker sends an unauthenticated HTTP GET request to the \u003ccode\u003e/serveLogs\u003c/code\u003e endpoint on the worker port to enumerate available model instance IDs.\u003c/li\u003e\n\u003cli\u003eUsing the identified model instance IDs, the attacker sends further unauthenticated HTTP GET requests to \u003ccode\u003e/serveLogs\u003c/code\u003e to stream sensitive inference logs, which contain prompts and completions.\u003c/li\u003e\n\u003cli\u003eConcurrently, the attacker sends unauthenticated HTTP GET requests to the \u003ccode\u003e/debug\u003c/code\u003e endpoint to read memory profiling data, potentially uncovering system architectural details.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the \u003ccode\u003e/debug\u003c/code\u003e endpoint with unauthenticated HTTP POST/PUT requests to modify worker configuration settings, such as altering log levels, which could impact operational integrity or aid further reconnaissance.\u003c/li\u003e\n\u003cli\u003eThe attacker successfully exfiltrates sensitive inference data and potentially disrupts or reconfigures the GPUStack worker.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-58658 results in unauthorized access to highly sensitive information, including machine learning model prompts and completions, which can reveal proprietary business logic, intellectual property, or confidential user data. Attackers can also read memory profiling data, potentially gaining insights into the application's internal workings and infrastructure. Furthermore, the ability to modify worker configurations via the \u003ccode\u003e/debug\u003c/code\u003e endpoint could lead to denial of service, service degradation, or facilitate further malicious activities on the compromised system. The CVSS v3.1 Base Score of 8.2 indicates a high severity threat, with potential for significant data loss and operational disruption.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-58658 by upgrading GPUStack to a version beyond 2.2.1 (fixed in commit 4e20551) immediately.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided in this brief to your SIEM to detect unauthenticated access attempts to the \u003ccode\u003e/serveLogs\u003c/code\u003e and \u003ccode\u003e/debug\u003c/code\u003e endpoints.\u003c/li\u003e\n\u003cli\u003eEnable comprehensive web server logging for all GPUStack instances to capture detailed HTTP request information, including URI stems, methods, and status codes.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-15T18:22:07Z","date_published":"2026-07-15T18:22:07Z","id":"https://feed.craftedsignal.io/briefs/2026-07-gpustack-info-disclosure/","summary":"An unauthenticated information disclosure vulnerability, CVE-2026-58658, in GPUStack through version 2.2.1 allows attackers to access sensitive inference logs containing prompts and completions and modify worker configurations by exploiting unprotected /serveLogs and /debug endpoints.","title":"Unauthenticated Information Disclosure in GPUStack","url":"https://feed.craftedsignal.io/briefs/2026-07-gpustack-info-disclosure/"}],"language":"en","title":"CraftedSignal Threat Feed - GPUStack","version":"https://jsonfeed.org/version/1.1"}