CVE-2026-28400
Affected software/versions: Docker Model Runner (DMR) prior to 1.0.16. Vulnerability: POST /engines/_configure accepts arbitrary runtime flags without authentication, forwarded to the inference server (llama.cpp). Impact: via injecting --log-file, an attacker with network access can write/overwri...