| Title | OpenBMB XAgent v1.0.0 CWE-532 |
|---|
| Description | # Technical Details
An Incomplete API Key Masking vulnerability exists in the `FunctionHandler.handle_tool_call()` method in `XAgent/function_handler.py` (lines 195-200 and 277) of XAgent.
The application fails to mask third-party API keys in the operational log call and the `using_tools` dictionary construction in `function_handler.py`, despite commit `d16efaf` having introduced `api_key` redaction in `recorder.py` and `server.py`. This creates two independent exfiltration paths.
# Vulnerable Code
File: XAgent/function_handler.py
Method: handle_tool_call() (lines 195-200, 277)
Why: The `arguments` dict (which may contain `api_key`) is logged verbatim via `typewriter_log()` and passed unmasked into the `using_tools` dict, which flows to MySQL and WebSocket.
File: XAgent/inner_loop_search_algorithms/ReACT.py (lines 302-303)
Method: insert_data()
Why: Stores the raw `using_tools` dict (containing unmasked `api_key`) into the MySQL `raw` table.
File: XAgentServer/application/websockets/common.py (lines 37-38, 60)
Why: Reads `tool_input` verbatim from the database and sends it to the WebSocket client without redacting `api_key`.
# Reproduction
1. Deploy XAgent via Docker (`docker compose up -d`).
2. Log in with the default credentials (Guest/xagent) and create an interaction.
3. Submit a task that causes the agent to invoke any RapidAPI tool accepting `api_key` (e.g., `RapidAPIEnv_rapi_surveymethods_dashboard`).
4. Observe the plaintext `api_key` returned in the WebSocket stream (`/ws/base/{id}`).
5. Alternatively, read `interact.log` via the path traversal in `POST /workspace/file` with `file_name=../interact.log`.
# Impact
- Credential theft: Third-party API keys (RapidAPI, SurveyMethods, drug databases, Amazon scraper) are returned to the attacker.
- Incomplete fix bypass: The existing patch (`d16efaf`) creates a false sense of security.
- WebSocket path is patch-independent: Even if the path traversal is fixed, the WebSocket continues delivering unmasked keys. |
|---|
| Source | https://gist.github.com/YLChen-007/6279f3de0c2dff7732eaaf820843b562 |
|---|
| User | Eric-z (UID 95890) |
|---|
| Submission | 03/11/2026 13:58 (19 days ago) |
|---|
| Moderation | 03/27/2026 09:08 (16 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 353834 [OpenBMB XAgent 1.0.0 API Key function_handler.py FunctionHandler.handle_tool_call api_key log file] |
|---|
| Points | 20 |
|---|
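
The description above attributes the leak to masking being applied per sink (`recorder.py`, `server.py`) rather than once before `arguments` fans out to the log, the `using_tools` dict, and the WebSocket. The following is an added example, not XAgent's code or its patch, that redacts once at the handler and gives every sink the redacted copy. The names `redact`, `handle_tool_call_sketch`, `sinks`, the list of sensitive field names, and the `using_tools` shape are assumptions.

```python
import json
import re

# Assumption: field names treated as secrets. The page itself only names `api_key`.
SENSITIVE = re.compile(r"api[_-]?key|token|secret|password|authorization", re.I)
MASK = "**********"


def redact(value):
    """Return a copy of `value` with secret-named fields masked at any depth."""
    if isinstance(value, dict):
        return {k: MASK if isinstance(k, str) and SENSITIVE.search(k) else redact(v)
                for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [redact(v) for v in value]
    if isinstance(value, str):
        # Arguments may arrive as a JSON-encoded string; mask inside it too.
        try:
            parsed = json.loads(value)
        except ValueError:
            return value
        if isinstance(parsed, (dict, list)):
            return json.dumps(redact(parsed))
    return value


def handle_tool_call_sketch(tool_name, arguments, call_tool, sinks):
    """Hypothetical handler: the tool gets the real arguments, every sink gets the copy."""
    safe_args = redact(arguments)
    sinks["log"].append(f"tool call: {tool_name} {json.dumps(safe_args)}")
    result = call_tool(tool_name, arguments)          # the only consumer of the real key
    using_tools = {"tool_name": tool_name, "tool_input": safe_args}  # assumed shape
    sinks["db"].append(json.dumps(using_tools))       # stand-in for the MySQL row
    sinks["ws"].append(json.dumps(using_tools))       # stand-in for the WebSocket frame
    return result


if __name__ == "__main__":
    # Constructed sample input; the key value is a placeholder, not a real credential.
    args = {"api_key": "CONSTRUCTED-KEY-123", "query": "surveys",
            "headers": {"X-RapidAPI-Key": "CONSTRUCTED-KEY-123"},
            "body": '{"apiKey": "CONSTRUCTED-KEY-123", "page": 1}'}
    sinks = {"log": [], "db": [], "ws": []}
    handle_tool_call_sketch("example_tool", args, lambda n, a: "ok", sinks)
    for name, entries in sinks.items():
        print(name, entries)
```

Because the stored row is already masked, anything that later reads `tool_input` back from the database, including a WebSocket sender, cannot re-expose the key.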