Lucene search
+L

8 matches found

redhatcve
redhatcve
added 2026/03/28 4:59 p.m.8 views

CVE-2026-4959

A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts the function checkuser of the file XAgentServer/application/websockets/share.py of the component ShareServer WebSocket Endpoint. Performing a manipulation of the argument interactionid results in missing authentication. Remote...

7.5CVSS6.6AI score0.0043EPSS
Exploits1References1
cvelist
cvelist
added 2026/03/27 3:31 p.m.25 views

CVE-2026-4959 OpenBMB XAgent ShareServer WebSocket Endpoint share.py check_user missing authentication

A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts the function checkuser of the file XAgentServer/application/websockets/share.py of the component ShareServer WebSocket Endpoint. Performing a manipulation of the argument interactionid results in missing authentication. Remote...

7.5CVSS0.0043EPSS
Exploits1References4
attackerkb
attackerkb
added 2026/03/27 3:31 p.m.4 views

CVE-2026-4959

A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts the function checkuser of the file XAgentServer/application/websockets/share.py of the component ShareServer WebSocket Endpoint. Performing a manipulation of the argument interactionid results in missing authentication. Remote...

7.5CVSS5.5AI score0.0043EPSS
Exploits1References4Affected Software1
cve
cve
added 2026/03/27 3:31 p.m.14 views

CVE-2026-4958

OpenBMB XAgent 1.0.0 contains a vulnerability in ReplayServer.on_connect/ReplayServer.send_data (XAgentServer/application/websockets/replayer.py, WebSocket Endpoint) where manipulating the interaction_id can bypass authorization. The incident is remotely exploitable and is described as highly com...

6.5CVSS5.4AI score0.00383EPSS
Exploits1References4Affected Software1
cnnvd
cnnvd
added 2026/03/27 12:0 a.m.8 views

XAgent 安全漏洞

XAgent is an open-source, experimental large language model-driven autonomous agent developed by OpenBMB. Version 1.0.0 of XAgent contains a security vulnerability, which stems from incorrect handling of the parameter interactionid in the file XAgentServer/application/websockets/replayer.py,...

6.5CVSS5.8AI score0.00383EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2026/03/27 12:0 a.m.16 views

PT-2026-28684

A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.on connect/ReplayServer.send data of the file XAgentServer/application/websockets/replayer.py of the component WebSocket Endpoint. Such manipulation of the argument interaction id leads to authorization...

3.1CVSS5.4AI score0.00383EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2026/03/27 12:0 a.m.10 views

PT-2026-28685

A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts the function check user of the file XAgentServer/application/websockets/share.py of the component ShareServer WebSocket Endpoint. Performing a manipulation of the argument interaction id results in missing authentication. Remote...

7.5CVSS5.5AI score0.0043EPSS
Exploits1References5
code423n4
code423n4
added 2023/12/08 12:0 a.m.9 views

Lack of Validation and Potential Overflow in _fetchInteractionId Function

Lines of code Vulnerability details Impact The lack of validation on interactionType could allow invalid values, potentially leading to unexpected interaction IDs. Additionally, if interactionType exceeds 8 bits, it could cause an overflow issue, potentially altering the token address within the...

7.3AI score
Exploits0
Rows per page
Query Builder