Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/06/02 10:2 p.m.20 views

CVE-2026-46414

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK...

8.8CVSS5.8AI score0.00502EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 11:16 p.m.21 views

CVE-2026-46414

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK...

8.8CVSS0.00502EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:54 p.m.9 views

CVE-2026-46414

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK...

8.8CVSS5.8AI score0.00502EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 9:54 p.m.14 views

EUVD-2026-32675

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK...

8.8CVSS5.8AI score0.00502EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 9:54 p.m.7 views

CVE-2026-46414 Microsoft UFO WebSocket role spoofing allows authenticated peer task hijacking

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK...

8.8CVSS5.8AI score0.00502EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:54 p.m.50 views

CVE-2026-46414

Technical details are not publicly available in the provided documents. Monitor for updates.

8.8CVSS5.8AI score0.00502EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 9:54 p.m.45 views

CVE-2026-46414 Microsoft UFO WebSocket role spoofing allows authenticated peer task hijacking

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK...

8.8CVSS0.00502EPSS
Exploits0References1
Rows per page
Query Builder