8 matches found
CVE-2026-31216
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/objectname:path endpoint lacks authentication, authorization, and input validation mechanisms. Unauthenticated remote attackers can send craft...
CVE-2026-31215
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion vulnerability in its ElasticSearch service interface. The DELETE /indexname/documents endpoint lacks proper authentication and authorization controls and does not validate the user-supplied pathorurl parameter...
CVE-2026-31215
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion vulnerability in its ElasticSearch service interface. The DELETE /indexname/documents endpoint lacks proper authentication and authorization controls and does not validate the user-supplied pathorurl parameter...
CVE-2026-31216
The CVE concerns the Nexent v1.7.5.2 backend service. The vulnerability lies in the file management API: DELETE /storage/{object_name:path} accepts a user-controlled object_name and is missing authentication, authorization, and input validation. This allows unauthenticated remote attackers to del...
Nexent 安全漏洞
Nexent is an open-source zero-code AI smart agent automatic generation platform developed by ModelEngine-Group. Version 1.7.5.2 of Nexent contains a security vulnerability. This vulnerability stems from the lack of authentication and authorization controls in the DELETE /indexname/documents...
CVE-2026-31215
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion vulnerability in its ElasticSearch service interface. The DELETE /indexname/documents endpoint lacks proper authentication and authorization controls and does not validate the user-supplied pathorurl parameter...
CVE-2026-31215
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion vulnerability in its ElasticSearch service interface. The DELETE /indexname/documents endpoint lacks proper authentication and authorization controls and does not validate the user-supplied pathorurl parameter...
CVE-2026-31216
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/objectname:path endpoint lacks authentication, authorization, and input validation mechanisms. Unauthenticated remote attackers can send craft...