Ai Trader
Unauthenticated information disclosure in HKUDS AI-Trader exposes the Research Export endpoint (`/api/research/agents.csv`) to any remote attacker without credentials, leaking proprietary research output in CSV format. The vendor explicitly confirmed the pre-patch state lacked access control: 'Research export endpoints now require an authenticated agent with the research_exports capability.' A public proof-of-concept exploit exists (CVSS 4.0: 6.9, E:P), and the upstream fix is available via commit 91a31aac1b0f4dbc6b8bef9f6eff0b7912e0bc65; no active exploitation is confirmed in CISA KEV at this time.