CVE-2026-4959 in OpenBMB XAgentinformation

Résumé (Anglaise)

A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts the function check_user of the file XAgentServer/application/websockets/share.py of the component ShareServer WebSocket Endpoint. Performing a manipulation of the argument interaction_id results in missing authentication. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Divulgation

27/03/2026

Entrées

VulDB provides additional information and datapoints for this CVE:

ID	Vulnérabilité	CWE	Exp	Con	CVE
353836	OpenBMB XAgent ShareServer WebSocket share.py check_user authentification faible	306	Preuve de concept	Non défini	CVE-2026-4959

Description

CPE

CWE

CVSS

Exploits

Histoire

Diff

Relier

Renseignements sur les menaces

API JSON

API XML

API CSV

◂ PrécédentAperçuSuivant ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!