Skip to main content

Microsoft UFO CVE-2026-46538

MEDIUM
Authentication Bypass by Capture-replay (CWE-294)
2026-05-27 GitHub_M
5.9
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
Low

Lifecycle Timeline

2
Analysis Generated
May 27, 2026 - 22:55 vuln.today
CVE Published
May 27, 2026 - 21:56 nvd
MEDIUM 5.9

DescriptionGitHub Advisory

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by session_id only and does not verify that a TASK_END message came from the device that originally received the task. When the constellation sends a task to a target device, it records a pending Future under a session key. The pending task record stores the expected device ID, but the completion path ignores that binding. If another authenticated peer device sends a forged TASK_END with the same session_id, the constellation accepts the response and completes the victim device's pending Future with attacker-controlled result data. This is an authenticated cross-device task-result injection issue.

AnalysisAI

Authenticated cross-device task-result injection in Microsoft UFO's constellation architecture allows a low-privileged peer device to hijack the pending task response of a victim device by spoofing a TASK_END message. Specifically in version 3.0.1-4-ge2626659, the constellation server resolves pending Futures keyed solely on session_id without binding verification to the originating device, meaning any authenticated constellation participant who can supply a matching session_id can substitute attacker-controlled result data into the victim device's task flow. No public exploit has been identified at time of analysis and this CVE is not listed in the CISA KEV catalog, though the high-complexity CVSS vector (AC:H) reflects the session_id guessing or observation requirement.

Technical ContextAI

Microsoft UFO is an open-source agentic automation framework that coordinates tasks across multiple devices via a constellation server. The constellation dispatches tasks to target devices and tracks their completion using Python asyncio Future objects keyed by session_id. According to the advisory, the pending task record internally stores the expected device ID binding, but the TASK_END completion handler does not enforce that binding - it resolves the Future for any authenticated peer that presents the correct session_id. CWE-294 (Authentication Bypass by Capture-Replay) describes the root cause class: the framework authenticates participants at connection time but does not re-verify device identity at the message-handling level, allowing a legitimately authenticated device to act on behalf of another. Affected CPE is cpe:2.3:a:microsoft:ufo:*:*:*:*:*:*:*:*, with the specific vulnerable commit identified as 3.0.1-4-ge2626659.

RemediationAI

The primary reference is the GitHub Security Advisory GHSA-wmq2-74rj-7pjc at https://github.com/microsoft/UFO/security/advisories/GHSA-wmq2-74rj-7pjc; consult it for the upstream patch commit or patched release version, as no exact fix version number was included in the available intelligence - upstream fix availability via PR or commit is plausible but a released tagged version has not been independently confirmed from this data. As a compensating control pending patch application, restrict constellation membership strictly to mutually trusted, isolated devices using network-level access controls (e.g., firewall rules limiting which hosts can join the constellation), reducing the pool of peers who could send forged TASK_END messages. Additionally, adding server-side device-ID binding enforcement in the TASK_END handler - validating that the responding device matches the original dispatch record - would directly close the logical gap, and operators with the ability to patch locally should apply this fix. Note that restricting constellation membership may impact the multi-device automation use cases UFO is designed for, so the trade-off must be weighed against operational requirements.

Share

CVE-2026-46538 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy