Lmsys Vulnerabilities
Comprehensive security vulnerability database for Lmsys products
2
2
2
2
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-3060 | 9.8 | This vulnerability allows an attacker to run arbitrary code on a vulnerable system remotely without needing to log in. It occurs because the system improperly processes untrusted data, which can be exploited if an attacker sends specially crafted input to the disaggregation module. | lmsyssglang | Exploit Available | 26 days agoMar 12, 2026 |
| CVE-2026-3059 | 9.8 | This vulnerability allows an attacker to run any code they want on the affected system remotely, without needing to log in. It occurs because the system processes untrusted data in a way that can be exploited, specifically through a messaging service that doesn't check if the data is safe. | lmsyssglang | Exploit Available | 26 days agoMar 12, 2026 |
About Lmsys Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Lmsys products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.