CVE-2026-12203

Published: Giu 15, 2026 Last Modified: Giu 15, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM 5,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none
MEDIUM 5,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: none
Availability: none

Description

AI Translation Available

A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown part of the file /api/research/agents.csv of the component Research Export. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The patch is named 91a31aac1b0f4dbc6b8bef9f6eff0b7912e0bc65. Applying a patch is the recommended action to fix this issue. The vendor confirms: 'Research export endpoints now require an authenticated agent with the research_exports capability'.

200

Exposure of Sensitive Information to an Unauthorized Actor

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Application Data
Applicable Platforms
Technologies: Not Technology-Specific, Web Based, Mobile
Likelihood of Exploit: High
View CWE Details
284

Improper Access Control

Incomplete
Abstraction: Pillar Structure: Simple
Common Consequences
Security Scopes Affected:
Other
Potential Impacts:
Varies By Context
Applicable Platforms
Technologies: Not Technology-Specific, ICS/OT, Web Based
View CWE Details
https://github.com/Dave-gilmore-aus/security-advisories/blo…
https://github.com/Dave-gilmore-aus/security-advisories/blob/main/AI-Trader-Una…
https://github.com/HKUDS/AI-Trader/
https://github.com/HKUDS/AI-Trader/
https://github.com/HKUDS/AI-Trader/commit/91a31aac1b0f4dbc6…
https://github.com/HKUDS/AI-Trader/commit/91a31aac1b0f4dbc6b8bef9f6eff0b7912e0b…
https://github.com/HKUDS/AI-Trader/issues/242
https://github.com/HKUDS/AI-Trader/issues/242
https://github.com/HKUDS/AI-Trader/pull/227
https://github.com/HKUDS/AI-Trader/pull/227
https://vuldb.com/cve/CVE-2026-12203
https://vuldb.com/cve/CVE-2026-12203
https://vuldb.com/submit/830273
https://vuldb.com/submit/830273
https://vuldb.com/vuln/370846
https://vuldb.com/vuln/370846
https://vuldb.com/vuln/370846/cti
https://vuldb.com/vuln/370846/cti