Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable API with authenticated user requirement (PR:L); high complexity to enumerate victim conversationId; impact limited to reading others' conversation data with no integrity or availability consequence.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability was determined in VoltAgent up to 2.1.17. Affected by this issue is the function handleGetMemoryConversation of the file packages/server-core/src/handlers/memory.handlers.ts of the component Memory REST API. Executing a manipulation of the argument conversationId can lead to improper authorization. The attack may be performed from remote. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.
AnalysisAI
Improper authorization in VoltAgent's Memory REST API allows an authenticated user to read another user's private conversation history by substituting a victim's conversationId in requests to the handleGetMemoryConversation endpoint. All VoltAgent versions up to and including 2.1.17 are affected; the CVSS 4.0 base score of 2.3 reflects high attack complexity and limited confidentiality impact. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker must hold a valid authenticated session on the VoltAgent instance (PR:L per CVSS 4.0 - unauthenticated exploitation is not possible). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Real-world risk is low-to-moderate and tightly scoped to multi-user VoltAgent deployments. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated VoltAgent user enumerates or guesses a victim user's conversationId - feasible if IDs follow a predictable format or can be leaked through other API responses - then issues a GET request to the Memory REST API substituting the victim's conversationId, bypassing the missing ownership check in handleGetMemoryConversation and receiving the victim's private AI conversation history in the response. A proof-of-concept demonstrating this cross-user data access is publicly available at https://github.com/VoltAgent/voltagent/issues/1315, lowering the barrier to exploitation for authenticated users. |
| Remediation | The upstream fix is the GitHub pull request #1317 at https://github.com/VoltAgent/voltagent/pull/1317, which binds Memory REST API operations to the authenticated user to prevent cross-user conversation access; however, this PR was pending acceptance at time of analysis and no patched tagged release version has been independently confirmed - monitor the VoltAgent repository at https://github.com/VoltAgent/voltagent/ for a release incorporating this PR and upgrade immediately when one is available. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-285 – Improper Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40008
GHSA-9qqm-g68p-fhhp