Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
SmythOS sre versions up to 0.0.15 expose sensitive information through improper validation of the baseURL argument in the Connector Service's LLM utilities component. An authenticated remote attacker with user interaction can manipulate the baseURL parameter to disclose confidential data. Public exploit code exists, and the vendor has not responded to early disclosure notifications.
Technical ContextAI
The vulnerability resides in packages/sdk/src/LLM/utils.ts within SmythOS's Connector Service. The root cause is classified under CWE-200 (Information Exposure), indicating inadequate controls over the baseURL parameter used in HTTP communications with language model endpoints. The Connector Service likely constructs API requests using a user-supplied or influenced baseURL without proper validation or sanitization, allowing an attacker to redirect requests to attacker-controlled infrastructure or extract sensitive headers and request payloads intended for legitimate LLM services.
RemediationAI
Upgrade SmythOS sre to a version newer than 0.0.15; however, no patched version is explicitly confirmed in the available data due to vendor non-responsiveness. As an immediate compensating control, restrict access to the Connector Service to trusted network ranges and implement strict input validation on all baseURL parameters, ensuring they match a whitelist of approved LLM endpoints. Disable or restrict user ability to modify baseURL unless business-critical; if modification is necessary, implement approval workflows requiring administrator sign-off. Monitor HTTP requests from the Connector Service for unusual destination hosts or suspicious patterns. These controls reduce the attack surface while awaiting a vendor patch or alternative solution. Note that restricting user modification of baseURL may impact legitimate workflow flexibility.
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25696