4 matches found
CVE-2026-44504
Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...
EUVD-2026-30322
Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...
CVE-2026-44504
Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...
CVE-2026-44504 Aegra: Cross-user run injection in /threads/{thread_id}/runs (IDOR)
Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...