CVE-2026-8321
MEDIUM
5,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
HIGH
7,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: low
HIGH
7,5
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial
Description
AI Translation Available
A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. Performing a manipulation results in authentication bypass using alternate channel. The attack is possible to be carried out remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
287
Improper Authentication
DraftCommon Consequences
Security Scopes Affected:
Integrity
Confidentiality
Availability
Access Control
Potential Impacts:
Read Application Data
Gain Privileges Or Assume Identity
Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies:
ICS/OT, Not Technology-Specific, Web Based
288
Authentication Bypass Using an Alternate Path or Channel
IncompleteCommon Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Bypass Protection Mechanism
Applicable Platforms
Technologies:
Not Technology-Specific, Web Based
https://github.com/inkeep/agents/
https://github.com/inkeep/agents/issues/3024
https://vuldb.com/submit/811314
https://vuldb.com/vuln/362608
https://vuldb.com/vuln/362608/cti