Submit #797643: smythos sre <= 0.0.15 Improper Authentication / Authorization Bypass (CWE-287 / CWE-63

Information

Title: smythos sre <= 0.0.15 Improper Authentication / Authorization Bypass (CWE-287 / CWE-63
Description:

# Technical Details

An authentication bypass and state injection vulnerability in the `AgentRuntime` engine allows an unauthenticated external attacker to arbitrarily manipulate and execute downstream internal agent components. By injecting specific HTTP headers (`X-DEBUG-INJ`), an attacker can force the runtime to accept an arbitrary execution tree containing malicious inputs, entirely bypassing any upstream authentication or authorization components configuring the Agent's flows.

# Vulnerable Code

File: packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts
Method: AgentRuntime constructor & runCycle()
Why: The runtime extracts internal debug headers (`X-DEBUG-RUN`, `X-DEBUG-INJ`) from the unauthenticated HTTP request prior to running any component-level validation. An insecure conditional check specifically maps the raw, unvalidated HTTP request body into a privileged internal state variable `this.xDebugPendingInject`. Later, during the `runCycle()` processing loop, the engine prioritizes this injected tree over the authentically configured database component graph.

# Reproduction

1. Start an agent application running `@smythos/sre` with `AgentRuntime` reachable via API processing. Ensure a flow graph where a restricted component (`critical_action`) sits behind an `auth_check` component.
2. The attacker crafts a request using `requests.post()` and supplies the `X-DEBUG-INJ: bypass-auth` header.
3. In the malicious request body, the attacker forces the state `ctx.active: true` and defines `"sourceId": "auth_check"` for the downstream `critical_action` component.
4. Sending this payload causes the engine to skip the real authentication endpoints and exclusively execute the attacker-supplied state graph.

# Impact

- Critical Authentication and Authorization Bypass leading to complete Agent Execution Flow hijacking.
- Depending on the internal node graph available to the execution environment, this trivially escalates into Remote Code Execution (RCE) via `ServerlessCode` or `ECMASandbox` nodes, data extraction, or arbitrary state corruption.
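
A defensive sketch of the missing control, added here as an example and not taken from the report or from SmythOS code: a fail-closed gate that drops `X-DEBUG-RUN` / `X-DEBUG-INJ` before the runtime can read them unless the caller is authenticated and debugging is explicitly enabled. `HeaderMap`, `RequestTrust`, `GateResult` and `gateDebugHeaders` are hypothetical names, and the sample request is constructed.

```typescript
// Added example (not SmythOS code). All type and function names are hypothetical.
type HeaderMap = Record<string, string | string[] | undefined>;

interface RequestTrust {
  authenticated: boolean; // caller passed the application's own auth check
  debugEnabled: boolean;  // operator explicitly switched debugging on
}

interface GateResult {
  headers: HeaderMap;          // headers that are safe to hand to the runtime
  stripped: string[];          // debug headers removed; log these for detection
  allowInjectedState: boolean; // may the request body be treated as debug state?
}

// Header names are case-insensitive on the wire, so compare in lower case.
const DEBUG_HEADERS: string[] = ["x-debug-run", "x-debug-inj"];

function gateDebugHeaders(raw: HeaderMap, trust: RequestTrust): GateResult {
  // Fail closed: both conditions must hold, otherwise debug input is ignored.
  const trusted = trust.authenticated && trust.debugEnabled;
  const headers: HeaderMap = {};
  const stripped: string[] = [];
  let sawInject = false;

  for (const name of Object.keys(raw)) {
    const key = name.toLowerCase();
    if (DEBUG_HEADERS.indexOf(key) === -1) {
      headers[key] = raw[name]; // ordinary header, pass through
      continue;
    }
    if (!trusted) {
      stripped.push(key);       // drop it before the runtime can see it
      continue;
    }
    headers[key] = raw[name];
    if (key === "x-debug-inj") sawInject = true;
  }
  // The body only counts as debug state for a trusted caller that actually
  // sent the inject header; every other request uses the stored flow graph.
  return { headers, stripped, allowInjectedState: trusted && sawInject };
}

// Constructed sample: unauthenticated caller sending a debug header.
const sample = gateDebugHeaders(
  { "X-DEBUG-INJ": "constructed-value", "Content-Type": "application/json" },
  { authenticated: false, debugEnabled: true },
);
console.log(sample.stripped, sample.allowInjectedState);
```

A non-empty `stripped` list on a request that failed authentication is also a useful detection signal for attempts against unpatched instances.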
Source: ⚠️ https://gist.github.com/YLChen-007/c6a4a6a5f4c8b9e758f72c07ca0cd30d
User: Eric-b (UID 96354)
Submission: 06.04.2026 05:51 (22 days ago)
Moderation: 25.04.2026 15:52 (19 days later)
Status: Accepted
VulDB entry: 359601 [SmythOS sre up to 0.0.15 HTTP Header AgentRuntime.class.ts AgentRuntime X-DEBUG-RUN/X-DEBUG-INJ weak authentication]
Points: 20
