MEDIUM
The severity is rated MEDIUM because, while the vulnerabilities exist, they require specific conditions and misconfigurations. In homelab environments the risk is relatively low due to controlled access, but it increases in production where public APIs or shared infrastructure are involved.

This advisory discusses vulnerabilities within the Qwen3.5 series of AI models, specifically versions 27B and 122B. The primary concern lies in the security configuration of these models when deployed on hardware such as NVIDIA GPUs, particularly the A100 and A6000 series. Vulnerabilities arise from misconfigurations that allow unauthorized access or unintended data leakage through API endpoints and storage mechanisms used by these AI tools. Engineers and sysadmins should be cautious about exposing sensitive development environments to public networks without proper security measures in place.

Affected Systems
  • Qwen3.5-27B-GGUF:UD-Q4_K_XL
  • Qwen3.5-122B-A10B-GGUF
Affected Versions: All versions of Qwen3.5 up to and including 27B
Remediation
  • Restrict API access by configuring firewall rules at /etc/ufw/before.rules
  • Enable encryption for data storage using the command 'openssl enc -aes-256-cbc -in sensitive_data.txt -out encrypted_data.bin'
  • Update to the latest security patches provided by Qwen3.5 developers
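
The storage-encryption step above can be scripted so the plaintext is removed only after a test decryption succeeds. This is an added example, not part of the advisory or of any Qwen tooling; the function names, the passphrase-file argument and the PBKDF2 iteration count are assumptions. It keeps the advisory's AES-256-CBC cipher and adds `-pbkdf2`, which replaces the legacy key derivation that `openssl enc` uses by default.

```bash
# Added example (not from the advisory): AES-256-CBC file encryption with
# PBKDF2 key derivation and a verified round trip before plaintext removal.
# Assumed names: the passphrase file, the file arguments, the ITER value.

umask 077        # files created from here on are readable by the owner only
ITER=200000      # assumed PBKDF2 work factor; must match on decrypt

# encrypt_file <passfile> <plaintext> <ciphertext>
encrypt_file() {
  # -pass file: keeps the passphrase out of argv and shell history.
  openssl enc -aes-256-cbc -salt -pbkdf2 -iter "$ITER" \
    -pass "file:$1" -in "$2" -out "$3"
}

# decrypt_file <passfile> <ciphertext> <plaintext-out>
decrypt_file() {
  openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
    -pass "file:$1" -in "$2" -out "$3"
}

# seal_file <passfile> <plaintext>
# Encrypts to <plaintext>.enc and deletes the plaintext only after a test
# decryption matches it byte for byte. On any failure the plaintext is kept
# and the partial .enc file is removed.
seal_file() {
  local pass="$1" src="$2" tmp
  tmp=$(mktemp) || return 1
  if encrypt_file "$pass" "$src" "$src.enc" &&
     decrypt_file "$pass" "$src.enc" "$tmp" &&
     cmp -s "$src" "$tmp"; then
    rm -f "$tmp" "$src"
  else
    rm -f "$tmp" "$src.enc"
    return 1
  fi
}

# CBC gives confidentiality only. If tampering with the stored file is a
# concern, keep a separate integrity check (for example a signed digest of
# the .enc file) alongside it.
```

Usage: `seal_file /path/to/passfile sensitive_data.txt` leaves `sensitive_data.txt.enc` in place of the original.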
Stack Impact

The impact on homelab stacks is minimal if proper isolation and network configurations are in place. However, for users with shared cloud environments or public-facing APIs, careful consideration of access controls and encryption protocols is necessary.
