Enviar #811314: inkeep agents 0.58.14 Authentication Bypass (CWE-288)información

Títuloinkeep agents 0.58.14 Authentication Bypass (CWE-288)
Descripción# Technical Details An Authentication Bypass vulnerability exists in the `createDevContext` function in `agents-api/src/middleware/runAuth.ts` of inkeep agents. The application fails to properly validate inputs and authenticate requests when the application is running in `development` or `test` mode, trusting the unverified `x-inkeep-tenant-id`, `x-inkeep-project-id`, and `x-inkeep-agent-id` HTTP headers. # Vulnerable Code File: agents-api/src/middleware/runAuth.ts Method: createDevContext Why: The function blindly prioritizes external `x-inkeep-*` HTTP headers over safe test defaults to construct a dummy user execution context, which allows bypassing strict API key authentication when developer bypass secrets or API keys are missing. # Reproduction 1. Ensure the agents-api application is running locally with `ENVIRONMENT=development` (which is the default). 2. Identify a protected endpoint, such as `/run/agents/{agent_id}/chat`. 3. Submit an unauthenticated POST request and inject targeted execution context parameters via the `x-inkeep-tenant-id`, `x-inkeep-project-id`, and `x-inkeep-agent-id` headers (e.g., `curl -X POST "http://localhost:3002/run/agents/target-agent/chat" -H "x-inkeep-tenant-id: hacked-tenant" ...`). # Impact - Authentication Bypass & Privilege Escalation (Tenant Takeover) allowing unauthenticated attackers to assume the identity of any registered platform tenant and project. - Unauthorized Data Access exposing cross-tenant interaction histories, metadata, and intelligent model configurations. - API Exhaustion / Billing Fraud where attackers can consume significant backend LLM tokens billed to impersonated victims.
Fuente⚠️ https://github.com/inkeep/agents/issues/3024
Usuario
 Eric-d (UID 96861)
Sumisión2026-04-23 11:18 (hace 1 mes)
Moderación2026-05-11 15:36 (18 days later)
EstadoAceptado
Entrada de VulDB362608 [inkeep agents 0.58.14 runAuth Middleware runAuth.ts createDevContext autenticación débil]
Puntos20

AnteriorVisión De ConjuntoPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!