CVE-2026-7021 | SmythOS sre up to 0.0.15 Connector Service utils.ts baseURL information disclosure

A vulnerability identified as problematic has been detected in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure.

The identification of this vulnerability is CVE-2026-7021. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-7021 | SmythOS sre up to 0.0.15 Connector Service utils.ts baseURL information disclosure

Post correlati

CVE-2025-25191 | Intermesh groupoffice up to 6.8.99 Name cross site scripting (GHSA-j7p3-v652-p3gf)

CVE-2024-46647 | eNMS up to 4.7.1 upload_files path traversal

CVE-2025-52435 | Apache NimBLE up to 1.8.0 Pause Encryption Procedure cleartext transmission

CVE-2025-24460 | JetBrains TeamCity up to 2024.12 Agent Pool authorization