CVE-2026-6635 | rowboatlabs rowboat up to 0.1.67 tools_webhook app.py tool_call X-Tools-JWE improper authentication

Inserito da Angelo Barbosa | Apr 19, 2026 | CVE

A vulnerability categorized as critical has been discovered in rowboatlabs rowboat up to 0.1.67. This impacts the function tool_call of the file apps/experimental/tools_webhook/app.py of the component tools_webhook. Such manipulation of the argument X-Tools-JWE leads to improper authentication.

This vulnerability is listed as CVE-2026-6635. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-6635 | rowboatlabs rowboat up to 0.1.67 tools_webhook app.py tool_call X-Tools-JWE improper authentication

Post correlati

CVE-2025-1613 | FiberHome AN5506-01A ONU GPON RP2511 URL Filtering Submenu /goform/URL_filterCfg url_IP cross site scripting

CVE-2024-31135 | JetBrains TeamCity prior 2024.03 Login Page redirect

CVE-2025-34523 | Arcserve Unified Data Protection up to 10.1 heap-based overflow

CVE-2024-40954 | Linux Kernel up to 5.15.161/6.1.95/6.6.35/6.9.6 atomic64_64.h __sock_release use after free