Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2026/06/05 7:33 p.m.12 views

CVE-2026-45577

Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer token is present. In affected deployments, the REST auth middleware can resolv...

6.9CVSS5.4AI score0.00249EPSS
Exploits0References1
cve
cve
added 2026/05/29 4:53 p.m.28 views

CVE-2026-45577

Neotoma AG vulnerability CVE-2026-45577 affects versions 0.6.0 through before 0.11.1. When requests arrive via a loopback socket and are not Bearer-token authenticated, public reverse-proxied requests can be treated as local, causing the REST auth middleware to resolve unauthenticated requests as...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/29 4:53 p.m.10 views

CVE-2026-45577

Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer token is present. In affected deployments, the REST auth middleware can resolv...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/05/29 4:53 p.m.3 views

CVE-2026-45577 Neotoma: Unauthenticated Inspector/API access via reverse-proxy loopback auth bypass

Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer token is present. In affected deployments, the REST auth middleware can resolv...

6.9CVSS6AI score0.00249EPSS
Exploits0References4
Rows per page
Query Builder