Skip to main content

Rowboat

1 CVEs product

Monthly

CVE-2026-6635 MEDIUM POC This Month

Improper authentication in rowboatlabs rowboat (versions up to 0.1.67) allows remote unauthenticated attackers to bypass authentication by manipulating the X-Tools-JWE header in the tools_webhook component. The vulnerability enables unauthorized access with low confidentiality, integrity, and availability impact. A public exploit exists (CVSS E:P). The vendor did not respond to early disclosure attempts. EPSS data unavailable; not listed in CISA KEV, suggesting limited widespread exploitation despite public POC.

Authentication Bypass Rowboat
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Improper authentication in rowboatlabs rowboat (versions up to 0.1.67) allows remote unauthenticated attackers to bypass authentication by manipulating the X-Tools-JWE header in the tools_webhook component. The vulnerability enables unauthorized access with low confidentiality, integrity, and availability impact. A public exploit exists (CVSS E:P). The vendor did not respond to early disclosure attempts. EPSS data unavailable; not listed in CISA KEV, suggesting limited widespread exploitation despite public POC.

Authentication Bypass Rowboat
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy