CVE-2026-40252

FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability IDOR/BOLA allows any authenticated team to access and execute applications belonging to other teams by supplying a foreign appId. While the API correctly validates the team token, it does not verify...

CVE-2026-40252

CVE-2026-40252 affects the FastGPT AI Agent building platform. The flaw is a Broken Access Control (IDOR/BOLA) where, before version 4.14.10.4, an authenticated user from one team could access and execute applications belonging to another team by supplying a foreign appId. The root cause is that ...

CVE-2026-40252 Broken Access Control (IDOR) Leading to Cross-Tenant Application Access in FastGPT

FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability IDOR/BOLA allows any authenticated team to access and execute applications belonging to other teams by supplying a foreign appId. While the API correctly validates the team token, it does not verify...

FastGPT 安全漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models, developed by Labring. Versions of FastGPT prior to 4.14.10.4 contained a security vulnerability. This vulnerability stemmed from improper access control: any authenticated team could access and...

PT-2026-32044

FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability IDOR/BOLA allows any authenticated team to access and execute applications belonging to other teams by supplying a foreign appId. While the API correctly validates the team token, it does not verify...

CVE-2026-40088

PraisonAI is a multi-agent teams system. Prior to 4.5.121, the executecommand function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell...

EUVD-2026-21064

PraisonAI is a multi-agent teams system. Prior to 4.5.121, the executecommand function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell...

CVE-2026-40088

PraisonAI is a multi-agent teams system. Prior to 4.5.121, the executecommand function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell...

CVE-2026-40088

PraxionAI (PraisonAI) is vulnerable to OS command injection prior to version 4.5.121. The execute_command function and workflow shell execution accept user-controlled input through YAML workflows, agent configurations, and LLM-generated tool calls, passing commands with shell=True to subprocess.r...

Command Injection

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVE-2026-33458 Server-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information Disclosure

Server-Side Request Forgery CWE-918 in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data...

CVE-2026-33458 Server-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information Disclosure

Server-Side Request Forgery CWE-918 in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data...

Kibana 9.3.3 Security Update (ESA-2026-28)

Server-Side Request Forgery SSRF in Kibana One Workflow Leading to Information Disclosure Server-Side Request Forgery CWE-918 in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in...

Emissary has GitHub Actions Shell Injection via Workflow Inputs

Summary Three GitHub Actions workflow files contained 10 shell injection points where user-controlled workflowdispatch inputs were interpolated directly into shell commands via $ expression syntax. An attacker with repository write access could inject arbitrary shell commands, leading to reposito...

Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps

Your attack surface no longer lives on one operating system, and neither do the campaigns targeting it. In enterprise environments, attackers move across Windows endpoints, executive MacBooks, Linux infrastructure, and mobile devices, taking advantage of the fact that many SOC workflows are still...

CVE-2026-2950 vulnerabilities

Vulnerabilities for packages: foxx-cli, sqlpad, kubeflow-centraldashboard, wazuh-dashboard, pelias-api, code-server, langfuse-fips, vitess, opensearch-dashboards-fips, kubeflow-pipelines, redisinsight, saf, npm, renovate, jitsucom-jitsu, json-server, argo-workflows, prism, kibana,...

CVE-2026-4800 vulnerabilities

Vulnerabilities for packages: foxx-cli, sqlpad, kubeflow-centraldashboard, wazuh-dashboard, pelias-api, code-server, langfuse-fips, vitess, opensearch-dashboards-fips, kubeflow-pipelines, redisinsight, saf, npm, renovate, jitsucom-jitsu, json-server, argo-workflows, prism, kibana,...

GHSA-F23M-R3PF-42RH vulnerabilities

Vulnerabilities for packages: foxx-cli, sqlpad, kubeflow-centraldashboard, wazuh-dashboard, pelias-api, code-server, langfuse-fips, vitess, opensearch-dashboards-fips, kubeflow-pipelines, redisinsight, saf, npm, renovate, jitsucom-jitsu, json-server, argo-workflows, prism, kibana,...

GHSA-R5FR-RJXR-66JC vulnerabilities

Vulnerabilities for packages: foxx-cli, sqlpad, kubeflow-centraldashboard, wazuh-dashboard, pelias-api, code-server, langfuse-fips, vitess, opensearch-dashboards-fips, kubeflow-pipelines, redisinsight, saf, npm, renovate, jitsucom-jitsu, json-server, argo-workflows, prism, kibana,...

CVE-2026-5199

A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...