LOW
The LOW severity rating reflects that this advisory concerns a new tool release and best practices rather than a critical vulnerability. The issue described affects performance but does not pose a direct security threat. Real-world exploitability in both homelab and production environments is minimal, as the problem can be mitigated by following simple configuration instructions.

The advisory details the release of HauhauCS's Qwen3.5-9B, a new video analysis tool designed for local media tagging with zero censorship on copyrighted content. This tool is particularly useful for those who require frame-by-frame analysis and can operate efficiently on most local hardware due to its compact size of 5.3GB. However, the advisory highlights that enabling 'thinking' mode in Qwen3.5-9B can lead to reasoning loops, causing it to over-analyze frames rather than simply tagging them, which can significantly reduce performance. Users are advised to disable this feature and use the tool via LM Studio, directing their local server to localhost:1234. For users of StashApp, the Haven VLM Connector plugin is now available in Community Plugins, allowing seamless integration with Qwen3.5-9B by pointing it to the local endpoint.

Affected Systems
  • Qwen3.5-9B
  • StashApp with Haven VLM Connector
Affected Versions: All versions of Qwen3.5-9B, StashApp with Haven VLM Connector
Remediation
  • Disable 'thinking' mode in the Qwen3.5-9B settings to avoid performance issues.
  • Ensure LM Studio is configured to connect to localhost:1234 for optimal operation.
  • For StashApp users, install the Haven VLM Connector from Community Plugins and configure it to point to your local endpoint.
Stack Impact

This advisory has minimal direct impact on common homelab stacks unless they are heavily reliant on frame-by-frame media tagging with Qwen3.5-9B or StashApp.
