Which versions of Inkeep Agents are affected by CVE-2026-8321?

Inkeep Agents versions up to 0.58.14 contain an authentication bypass vulnerability that allows unauthenticated remote attackers to access protected resources without valid credentials via alternate…

Is there a public PoC exploit available for CVE-2026-8321?

Yes, a public proof-of-concept exploit is available for CVE-2026-8321. Prioritise patching immediately. EPSS: 0.1%.

Inkeep Agents CVE-2026-8321

Q: What is the CVSS score of CVE-2026-8321?

CVE-2026-8321 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-29212 MEDIUM

Authentication Bypass Using an Alternate Path or Channel (CWE-288)

2026-05-11 VulDB

GHSA-mv62-653x-7444

Authentication Bypass

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

May 11, 2026 - 20:37 NVD

HIGH MEDIUM

CVSS changed

May 11, 2026 - 20:37 NVD

7.3 (HIGH) 5.5 (MEDIUM)

Analysis Generated

May 11, 2026 - 20:31 vuln.today

CVE Published

May 11, 2026 - 19:45 nvd

HIGH 7.3

DescriptionNVD

A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. Performing a manipulation results in authentication bypass using alternate channel. The attack is possible to be carried out remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Authentication bypass in Inkeep Agents 0.58.14 allows remote unauthenticated attackers to circumvent authentication controls via alternate channel manipulation in the runAuth middleware. The vulnerability exists in the createDevContext function of agents-api/src/middleware/runAuth.ts, enabling unauthorized access to protected resources with low impact to confidentiality, integrity, and availability. …

RemediationAI

Within 24 hours: Inventory all Inkeep Agents deployments and document versions in use; isolate or disable any instances running 0.58.14 or earlier if operationally feasible. Within 7 days: Implement network segmentation to restrict unauthenticated access to Inkeep Agents endpoints; monitor authentication logs for suspicious bypass attempts. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-8321 vulnerability details – vuln.today

Back

Inkeep Agents CVE-2026-8321

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Inkeep Agents CVE-2026-8321

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code