CVE-2026-4957 | OpenBMB XAgent 1.0.0 API Key function_handler.py FunctionHandler.handle_tool_call api_key log file

Inserito da Angelo Barbosa | Mar 27, 2026 | CVE

A vulnerability marked as problematic has been reported in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handle_tool_call of the file XAgent/function_handler.py of the component API Key Handler. This manipulation of the argument api_key causes sensitive information in log files.

This vulnerability appears as CVE-2026-4957. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4957 | OpenBMB XAgent 1.0.0 API Key function_handler.py FunctionHandler.handle_tool_call api_key log file

Post correlati

CVE-2025-21411 | Microsoft Windows up to Server 2025 Telephony Service heap-based overflow

CVE-2024-55662 | xwiki-platform up to 15.10.8/16.2.x neutralization of directives (GHSA-j2pq-22jj-4pm5)

CVE-2024-5296 | D-Link D-View 2.0.1.28 TokenUtils hard-coded key (ZDI-24-447)

CVE-2025-1043 | awsmin Embed Any Document Plugin up to 2.7.5 on WordPress Shortcode embeddoc server-side request forgery