CVE-2026-4959 | OpenBMB XAgent 1.0.0 ShareServer WebSocket Endpoint share.py check_user interaction_id missing authentication

A vulnerability classified as critical has been found in OpenBMB XAgent 1.0.0. This impacts the function check_user of the file XAgentServer/application/websockets/share.py of the component ShareServer WebSocket Endpoint. Performing a manipulation of the argument interaction_id results in missing authentication.

This vulnerability is known as CVE-2026-4959. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4959 | OpenBMB XAgent 1.0.0 ShareServer WebSocket Endpoint share.py check_user interaction_id missing authentication

Post correlati

CVE-2024-21840 | Hitachi Storage Plug-in for VMware vCenter up to 04.9.2 default permission (hitachi-sec-2024-108)

CVE-2024-7576 | Progress Telerik UI for WPF prior 2024.3.924 deserialization

CVE-2024-35667 | WP EasyCart Plugin up to 5.5.19 on WordPress authorization

CVE-2024-7593 | Ivanti vTM up to 22.2R0/22.7R1 improper authentication