Skip to main content

Agents

2 CVEs product

Monthly

CVE-2026-8321 MEDIUM POC This Month

Authentication bypass in Inkeep Agents 0.58.14 allows remote unauthenticated attackers to circumvent authentication controls via alternate channel manipulation in the runAuth middleware. The vulnerability exists in the createDevContext function of agents-api/src/middleware/runAuth.ts, enabling unauthorized access to protected resources with low impact to confidentiality, integrity, and availability. Publicly available exploit code exists (GitHub issue #3024), and the vendor has not yet responded to the vulnerability report, meaning no patch is currently available.

Authentication Bypass Agents
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-8319 PyPI MEDIUM POC This Month

Denial of service in aiwaves-cn agents up to commit e8c4e3c2d19739d3dff59e577d1c97090cc15f59 allows remote unauthenticated attackers to exhaust server resources via the recall_relevant_memories_to_working_memory function in cheshire_cat_core component, causing service unavailability. Publicly available exploit code exists (CWE-400: Uncontrolled Resource Consumption). With an CVSS score of 5.3 and EPSS exploitation probability rated 'P', this represents a moderate-severity availability threat suitable for prioritization in resource-constrained environments.

Denial Of Service Agents
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Authentication bypass in Inkeep Agents 0.58.14 allows remote unauthenticated attackers to circumvent authentication controls via alternate channel manipulation in the runAuth middleware. The vulnerability exists in the createDevContext function of agents-api/src/middleware/runAuth.ts, enabling unauthorized access to protected resources with low impact to confidentiality, integrity, and availability. Publicly available exploit code exists (GitHub issue #3024), and the vendor has not yet responded to the vulnerability report, meaning no patch is currently available.

Authentication Bypass Agents
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Denial of service in aiwaves-cn agents up to commit e8c4e3c2d19739d3dff59e577d1c97090cc15f59 allows remote unauthenticated attackers to exhaust server resources via the recall_relevant_memories_to_working_memory function in cheshire_cat_core component, causing service unavailability. Publicly available exploit code exists (CWE-400: Uncontrolled Resource Consumption). With an CVSS score of 5.3 and EPSS exploitation probability rated 'P', this represents a moderate-severity availability threat suitable for prioritization in resource-constrained environments.

Denial Of Service Agents
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy