vLLM <= 0.23.0 – Anthropic Router Heap Address Information Leak (CVE-2026-54236)

FUXA-1.3.0-UnauthentIcated-ICS-SCADA-Project-Data-DIsclosure-CVE-2026-47717-AnalysIs

Introduction As one of the most widely adopted open-source libraries for serving Large Language Models (LLMs), vLLM is celebrated for its high-performance inference capabilities and memory-efficient attention mechanisms. However, a critical vulnerability disclosed in June 2026—tracked as CVE-2026-54236—highlights a significant information disclosure flaw within vLLM’s Anthropic API compatibility layer and real-time WebSocket endpoints. This flaw allows unauthenticated remote attackers to leak

FUXA 1.3.0 – Unauthenticated ICS/SCADA Project Data Disclosure (CVE-2026-47717) Analysis

FUXA 1.3.0 - UnauthentIcated ICS SCADA Project Data DIsclosure CVE-2026-47717 AnalysIs

Introduction Industrial Control Systems (ICS) and SCADA architectures form the core of modern infrastructures, critical utilities, and automated production facilities. Integrating these legacy operational environments with modern web-based interfaces and open-source solutions significantly enhances operational flexibility and real-time data accessibility, but it simultaneously expands the digital cyber threat landscape exponentially. FUXA is a popular, web-native open-source SCADA platform widely used by engineers for