What happened
A flaw in the vllm-orchestrator-gateway component causes the production binary to log all incoming authorization headers and full chat payloads to persistent logs, which may contain personally identifiable information (PII) and secrets, including bearer tokens.
Why it matters
vLLM-based gateways sit in front of production LLM inference traffic; unredacted logging of bearer tokens and full chat content creates a large, persistent secondary attack surface (log storage, SIEM pipelines, backup systems) for credential theft and PII exposure across any deployment routing traffic through this orchestrator gateway.
Attack vector
The production binary of the vllm-orchestrator-gateway component writes all incoming Authorization headers and full chat request/response payloads to persistent logs without redaction; anyone with log access (or logs shipped to a downstream analytics/observability system) can recover bearer tokens, API keys, and PII/secrets contained in chat content.
Affected systems
vllm-orchestrator-gateway (production binary)
Mitigation
Refer to Red Hat's advisory for CVE-2026-15574; disable verbose/debug request logging in production, redact Authorization headers before persisting logs, and restrict access to log storage/analytics pipelines.