51 matches found
CVE-2026-4957
A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handletoolcall of the file XAgent/functionhandler.py of the component API Key Handler. This manipulation of the argument apikey causes sensitive information in log files. The attack may be initiate...
CVE-2026-4959
A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts the function checkuser of the file XAgentServer/application/websockets/share.py of the component ShareServer WebSocket Endpoint. Performing a manipulation of the argument interactionid results in missing authentication. Remote...
CVE-2026-4958
A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.onconnect/ReplayServer.senddata of the file XAgentServer/application/websockets/replayer.py of the component WebSocket Endpoint. Such manipulation of the argument interactionid leads to authorization...
EUVD-2026-16692
A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts the function checkuser of the file XAgentServer/application/websockets/share.py of the component ShareServer WebSocket Endpoint. Performing a manipulation of the argument interactionid results in missing authentication. Remote...
EUVD-2026-16690
A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.onconnect/ReplayServer.senddata of the file XAgentServer/application/websockets/replayer.py of the component WebSocket Endpoint. Such manipulation of the argument interactionid leads to authorization...
CVE-2026-4959
A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts the function checkuser of the file XAgentServer/application/websockets/share.py of the component ShareServer WebSocket Endpoint. Performing a manipulation of the argument interactionid results in missing authentication. Remote...
CVE-2026-4958
A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.onconnect/ReplayServer.senddata of the file XAgentServer/application/websockets/replayer.py of the component WebSocket Endpoint. Such manipulation of the argument interactionid leads to authorization...
CVE-2026-4959
OpenBMB XAgent 1.0.0 contains a vulnerability in the ShareServer WebSocket Endpoint (XAgentServer/application/websockets/share.py, function check_user). Manipulating the argument interaction_id results in missing authentication, enabling remote exploitation. The exploit has been publicized, and t...
CVE-2026-4959 OpenBMB XAgent ShareServer WebSocket Endpoint share.py check_user missing authentication
A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts the function checkuser of the file XAgentServer/application/websockets/share.py of the component ShareServer WebSocket Endpoint. Performing a manipulation of the argument interactionid results in missing authentication. Remote...
CVE-2026-4959 OpenBMB XAgent ShareServer WebSocket Endpoint share.py check_user missing authentication
A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts the function checkuser of the file XAgentServer/application/websockets/share.py of the component ShareServer WebSocket Endpoint. Performing a manipulation of the argument interactionid results in missing authentication. Remote...
CVE-2026-4959
A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts the function checkuser of the file XAgentServer/application/websockets/share.py of the component ShareServer WebSocket Endpoint. Performing a manipulation of the argument interactionid results in missing authentication. Remote...
CVE-2026-4958
OpenBMB XAgent 1.0.0 contains a vulnerability in ReplayServer.on_connect/ReplayServer.send_data (XAgentServer/application/websockets/replayer.py, WebSocket Endpoint) where manipulating the interaction_id can bypass authorization. The incident is remotely exploitable and is described as highly com...
CVE-2026-4958 OpenBMB XAgent WebSocket Endpoint replayer.py ReplayServer.send_data authorization
A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.onconnect/ReplayServer.senddata of the file XAgentServer/application/websockets/replayer.py of the component WebSocket Endpoint. Such manipulation of the argument interactionid leads to authorization...
CVE-2026-4958 OpenBMB XAgent WebSocket Endpoint replayer.py ReplayServer.send_data authorization
A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.onconnect/ReplayServer.senddata of the file XAgentServer/application/websockets/replayer.py of the component WebSocket Endpoint. Such manipulation of the argument interactionid leads to authorization...
CVE-2026-4958
A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.onconnect/ReplayServer.senddata of the file XAgentServer/application/websockets/replayer.py of the component WebSocket Endpoint. Such manipulation of the argument interactionid leads to authorization...
EUVD-2026-16658
A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handletoolcall of the file XAgent/functionhandler.py of the component API Key Handler. This manipulation of the argument apikey causes sensitive information in log files. The attack may be initiate...
CVE-2026-4957
A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handletoolcall of the file XAgent/functionhandler.py of the component API Key Handler. This manipulation of the argument apikey causes sensitive information in log files. The attack may be initiate...
CVE-2026-4957
A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handletoolcall of the file XAgent/functionhandler.py of the component API Key Handler. This manipulation of the argument apikey causes sensitive information in log files. The attack may be initiate...
CVE-2026-4957 OpenBMB XAgent API Key function_handler.py FunctionHandler.handle_tool_call log file
A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handletoolcall of the file XAgent/functionhandler.py of the component API Key Handler. This manipulation of the argument apikey causes sensitive information in log files. The attack may be initiate...
CVE-2026-4957
OpenBMB XAgent 1.0.0 is affected. The issue sits in the file XAgent/function_handler.py, inside the API Key Handler, specifically the function FunctionHandler.handle_tool_call . Manipulating the argument api_key can cause sensitive information to be written to log files. This enables a remote att...