Lucene search
K

9 matches found

OSV
OSV
added 2026/06/19 9:42 p.m.10 views

GHSA-JVCM-F35G-W78P Network-AI: AgentRuntime sandbox path-prefix checks allow file access outside the configured base directory

Summary AgentRuntime promises scoped file access under a configured sandbox basePath, but its path containment checks use raw string prefix tests. A sandbox base such as /tmp/network-ai-sandbox also matches a sibling path such as /tmp/network-ai-sandboxevil/secret.txt. An agent/user that can call...

6.5CVSS5.9AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/27 7:23 p.m.7 views

CVE-2026-7022

A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the component HTTP Header Handler. Such manipulation of the argument X-DEBUG-RUN/X-DEBUG-INJ leads to improp...

7.5CVSS7AI score0.00383EPSS
Exploits0References1
NVD
NVD
added 2026/04/26 6:16 a.m.9 views

CVE-2026-7022

A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the component HTTP Header Handler. Such manipulation of the argument X-DEBUG-RUN/X-DEBUG-INJ leads to improp...

7.5CVSS0.00383EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/26 5:45 a.m.4 views

CVE-2026-7022

A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the component HTTP Header Handler. Such manipulation of the argument X-DEBUG-RUN/X-DEBUG-INJ leads to improp...

7.5CVSS7.1AI score0.00383EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/26 5:45 a.m.33 views

CVE-2026-7022 SmythOS sre HTTP Header AgentRuntime.class.ts AgentRuntime improper authentication

A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the component HTTP Header Handler. Such manipulation of the argument X-DEBUG-RUN/X-DEBUG-INJ leads to improp...

7.5CVSS0.00383EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/26 5:45 a.m.4 views

CVE-2026-7022 SmythOS sre HTTP Header AgentRuntime.class.ts AgentRuntime improper authentication

A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the component HTTP Header Handler. Such manipulation of the argument X-DEBUG-RUN/X-DEBUG-INJ leads to improp...

7.5CVSS7.1AI score0.00383EPSS
Exploits0References4
CVE
CVE
added 2026/04/26 5:45 a.m.20 views

CVE-2026-7022

CVE-2026-7022 affects SmythOS sre up to 0.0.15. The vulnerability lies in the HTTP Header Handler’s AgentRuntime function (packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts), where manipulation of the arguments X-DEBUG-RUN/X-DEBUG-INJ enables improper authentication. The issue allow...

7.5CVSS7.1AI score0.00383EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/26 12:0 a.m.10 views

SmythOS 授权问题漏洞

SmythOS is an open-source infrastructure for the execution and development of AI agents. Versions of SmythOS 0.0.15 and earlier contained vulnerabilities related to authorization. These vulnerabilities stemmed from the handling of X-DEBUG-RUN/X-DEBUG-INJ parameters in the AgentRuntime function...

7.5CVSS7.3AI score0.00383EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/26 12:0 a.m.7 views

PT-2026-35203

A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the component HTTP Header Handler. Such manipulation of the argument X-DEBUG-RUN/X-DEBUG-INJ leads to improp...

7.5CVSS7.1AI score0.00383EPSS
Exploits0References5
Rows per page
Query Builder