CVE-2026-45577 in neotomathông tin

Tóm tắt

Bởi MITRE • 29/05/2026

Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer token is present. In affected deployments, the REST auth middleware can resolve unauthenticated requests as the local development user, making the hosted Inspector and related API surface reachable without credentials. This vulnerability is fixed in 0.11.1.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

chịu trách nhiệm

GitHub M

Đặt trước

12/05/2026

Tiết lộ

29/05/2026

Kiểm duyệt

được chấp nhận

mục

VDB-367345

CPE

sẵn sàng

CWE

CWE-288 (Đã xác nhận)

CVSS

5.3 (VulDB)

EPSS

0.00041

KEV

không

Các hoạt động

rất thấp

Nguồn

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-45577
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-45577
CVE Details	https://www.cvedetails.com/cve/CVE-2026-45577/

◂ Trước Tổng Quan Tiếp theo ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!