← volver
CVE-2026-8321

inkeep agents runAuth Middleware runAuth.ts createDevContext authentication bypass

CVSS 6.9 MEDIUMEPSS 0.4%CWE-287CWE-288
A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. Performing a manipulation results in authentication bypass using alternate channel. The attack is possible to be carried out remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Productos afectados
inkeep · agents
PoCs públicas encontradas1
cve_referencegithub.com/inkeep/agents/issues/3024no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/inkeep/agents/https://github.com/inkeep/agents/issues/3024https://vuldb.com/submit/811314https://vuldb.com/vuln/362608https://vuldb.com/vuln/362608/cti