4 matches found
EUVD-2026-30339
Hatchet is a platform for orchestrating background tasks, AI agents, and durable workflows at scale. Prior to 0.83.39, a missing authorization directive on the GET /api/v1/stable/dags/tasks endpoint caused Hatchet's tenant-membership check to be skipped for this route. A user authenticated to any...
CVE-2026-42572
Hatchet is a platform for orchestrating background tasks, AI agents, and durable workflows at scale. Prior to 0.83.39, a missing authorization directive on the GET /api/v1/stable/dags/tasks endpoint caused Hatchet's tenant-membership check to be skipped for this route. A user authenticated to any...
CVE-2026-42572
Hatchet’s CVE-2026-42572 describes a cross-tenant information disclosure in GET /api/v1/stable/dags/tasks due to a missing authorization directive. The underlying cause: the listTasksByDAGIds operation did not declare x-resources: ["tenant"], allowing a user authenticated to one tenant to supply ...
CVE-2026-42572 Hatchet: Cross-tenant information disclosure in `listTasksByDAGIds`
Hatchet is a platform for orchestrating background tasks, AI agents, and durable workflows at scale. Prior to 0.83.39, a missing authorization directive on the GET /api/v1/stable/dags/tasks endpoint caused Hatchet's tenant-membership check to be skipped for this route. A user authenticated to any...