Common Weakness Enumeration

CWE-942

Allowed

Permissive Cross-domain Security Policy with Untrusted Domains

Abstraction: Variant · Status: Incomplete

The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.

178 vulnerabilities reference this CWE, most recent first.

GHSA-3RG4-QGV3-4987

Vulnerability from github – Published: 2024-01-26 03:30 – Updated: 2024-01-26 03:30
VLAI
Details

Microsoft Edge for Android Information Disclosure Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21382"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-942"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-26T01:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft Edge for Android Information Disclosure Vulnerability",
  "id": "GHSA-3rg4-qgv3-4987",
  "modified": "2024-01-26T03:30:19Z",
  "published": "2024-01-26T03:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21382"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21382"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3VCP-CHFH-F6R2

Vulnerability from github – Published: 2026-05-14 20:15 – Updated: 2026-06-09 10:19
VLAI
Summary
Default kuma-cp leaks admin token cross-origin via CORS wildcard + LocalhostIsAdmin
Details

Summary

Default kuma-cp config leaks the admin bootstrap token and signing keys to any webpage the operator visits while the control plane is reachable from their browser. CorsAllowedDomains: [".*"] reflects any Origin, and LocalhostIsAdmin: true promotes requests from 127.0.0.1 to mesh-system:admin. A cross-origin fetch() from a malicious page returns the admin JWT and signing material.

Am I affected?

You are affected if all of these hold:

  1. kuma-cp runs with default config (CorsAllowedDomains: [".*"] and LocalhostIsAdmin: true).
  2. The control plane is reachable from a browser on the same machine:
  3. kuma-cp run on a developer laptop
  4. Docker --network host or port-publish on a workstation
  5. kubectl port-forward from a machine that also browses the web
  6. The operator visits a page running attacker JavaScript while the control plane is reachable.

You are not affected if:

  • The control plane runs on a Kubernetes cluster accessed via ClusterIP, NodePort, or LoadBalancer from a remote client.
  • The control plane runs on an SSH-administered VM with no browser on the host.
  • KUMA_API_SERVER_AUTHN_LOCALHOST_IS_ADMIN=false is set (see https://kuma.io/docs/latest/production/secure-deployment/api-server-auth/).
  • KUMA_API_SERVER_CORS_ALLOWED_DOMAINS is set to an explicit allowlist that excludes attacker origins.

Mitigation

  1. Set KUMA_API_SERVER_AUTHN_LOCALHOST_IS_ADMIN=false after retrieving the admin token.
  2. Set KUMA_API_SERVER_CORS_ALLOWED_DOMAINS to an explicit allowlist, for example http://localhost:5681,http://127.0.0.1:5681.
  3. Do not run kuma-cp on a machine where you browse untrusted sites.

Fix

Fixed in #16416, backported to all supported release branches (#16423, #16424, #16425, #16426, #16427).

Changes in patched versions:

  • CorsAllowedDomains default changed from [".*"] to [] — CORS is now opt-in; set the env var explicitly if you need GUI access.
  • LocalhostIsAdmin hardened: now requires direct loopback RemoteAddr and Host, and rejects requests carrying proxy-hop headers (X-Forwarded-For), cross-site fetch metadata (Sec-Fetch-Site), or a non-localhost Origin.

Upgrade to a patched version:

  • 2.7.25
  • 2.9.15
  • 2.11.13
  • 2.12.10
  • 2.13.5

Credits

Reported by eldudareeno.

CVSS

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N = 5.1 Medium.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kumahq/kuma"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.25"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kumahq/kuma"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.9.0"
            },
            {
              "fixed": "2.9.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kumahq/kuma"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.11.0"
            },
            {
              "fixed": "2.11.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kumahq/kuma"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.12.0"
            },
            {
              "fixed": "2.12.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kumahq/kuma"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.13.0"
            },
            {
              "fixed": "2.13.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-45021"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-346",
      "CWE-942"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-14T20:15:08Z",
    "nvd_published_at": "2026-05-28T18:16:34Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nDefault `kuma-cp` config leaks the admin bootstrap token and signing keys to any webpage the operator visits while the control plane is reachable from their browser. `CorsAllowedDomains: [\".*\"]` reflects any `Origin`, and `LocalhostIsAdmin: true` promotes requests from `127.0.0.1` to `mesh-system:admin`. A cross-origin `fetch()` from a malicious page returns the admin JWT and signing material.\n\n## Am I affected?\n\nYou are affected if all of these hold:\n\n1. `kuma-cp` runs with default config (`CorsAllowedDomains: [\".*\"]` and `LocalhostIsAdmin: true`).\n2. The control plane is reachable from a browser on the same machine:\n   - `kuma-cp run` on a developer laptop\n   - Docker `--network host` or port-publish on a workstation\n   - `kubectl port-forward` from a machine that also browses the web\n3. The operator visits a page running attacker JavaScript while the control plane is reachable.\n\nYou are not affected if:\n\n- The control plane runs on a Kubernetes cluster accessed via ClusterIP, NodePort, or LoadBalancer from a remote client.\n- The control plane runs on an SSH-administered VM with no browser on the host.\n- `KUMA_API_SERVER_AUTHN_LOCALHOST_IS_ADMIN=false` is set (see https://kuma.io/docs/latest/production/secure-deployment/api-server-auth/).\n- `KUMA_API_SERVER_CORS_ALLOWED_DOMAINS` is set to an explicit allowlist that excludes attacker origins.\n\n## Mitigation\n\n1. Set `KUMA_API_SERVER_AUTHN_LOCALHOST_IS_ADMIN=false` after retrieving the admin token.\n2. Set `KUMA_API_SERVER_CORS_ALLOWED_DOMAINS` to an explicit allowlist, for example `http://localhost:5681,http://127.0.0.1:5681`.\n3. Do not run `kuma-cp` on a machine where you browse untrusted sites.\n\n## Fix\n\nFixed in [#16416](https://github.com/kumahq/kuma/pull/16416), backported to all supported release branches ([#16423](https://github.com/kumahq/kuma/pull/16423), [#16424](https://github.com/kumahq/kuma/pull/16424), [#16425](https://github.com/kumahq/kuma/pull/16425), [#16426](https://github.com/kumahq/kuma/pull/16426), [#16427](https://github.com/kumahq/kuma/pull/16427)).\n\nChanges in patched versions:\n\n- `CorsAllowedDomains` default changed from `[\".*\"]` to `[]` \u2014 CORS is now opt-in; set the env var explicitly if you need GUI access.\n- `LocalhostIsAdmin` hardened: now requires direct loopback `RemoteAddr` and `Host`, and rejects requests carrying proxy-hop headers (`X-Forwarded-For`), cross-site fetch metadata (`Sec-Fetch-Site`), or a non-localhost `Origin`.\n\nUpgrade to a patched version:\n\n- 2.7.25\n- 2.9.15\n- 2.11.13\n- 2.12.10\n- 2.13.5\n\n## Credits\n\nReported by `eldudareeno`.\n\n## CVSS\n\n`CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N` = 5.1 Medium.",
  "id": "GHSA-3vcp-chfh-f6r2",
  "modified": "2026-06-09T10:19:22Z",
  "published": "2026-05-14T20:15:08Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/kumahq/kuma/security/advisories/GHSA-3vcp-chfh-f6r2"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45021"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kumahq/kuma/pull/16416"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kumahq/kuma/pull/16423"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kumahq/kuma/pull/16424"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kumahq/kuma/pull/16425"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kumahq/kuma/pull/16426"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kumahq/kuma/pull/16427"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kumahq/kuma/commit/8fefa8595d44eb68d922405702ed7a0826322907"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kumahq/kuma"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Default kuma-cp leaks admin token cross-origin via CORS wildcard + LocalhostIsAdmin"
}

GHSA-3X46-395M-V3QC

Vulnerability from github – Published: 2023-04-28 12:30 – Updated: 2023-04-28 12:30
VLAI
Details

Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.2.0-135.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2360"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-942"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-28T12:15:09Z",
    "severity": "LOW"
  },
  "details": "Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.2.0-135.",
  "id": "GHSA-3x46-395m-v3qc",
  "modified": "2023-04-28T12:30:15Z",
  "published": "2023-04-28T12:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2360"
    },
    {
      "type": "WEB",
      "url": "https://security-advisory.acronis.com/advisories/SEC-4215"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4765-J7W9-P387

Vulnerability from github – Published: 2022-12-22 21:30 – Updated: 2025-04-15 15:30
VLAI
Details

A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-31736"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-942"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-22T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird \u003c 91.10, Firefox \u003c 101, and Firefox ESR \u003c 91.10.",
  "id": "GHSA-4765-j7w9-p387",
  "modified": "2025-04-15T15:30:35Z",
  "published": "2022-12-22T21:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31736"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1735923"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-20"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-21"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-22"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4946-85PR-FVXH

Vulnerability from github – Published: 2024-03-15 16:42 – Updated: 2024-03-15 16:42
VLAI
Summary
vantage6's CORS settings overly permissive
Details

Impact

The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server.

The impact is limited because v6 does not use session cookies

Patches

No

Workarounds

No

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.2.2"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "vantage6"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-23823"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863",
      "CWE-942"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-15T16:42:55Z",
    "nvd_published_at": "2024-03-14T19:15:49Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nThe vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. \n\nThe impact is limited because v6 does not use session cookies\n\n### Patches\nNo\n\n### Workarounds\nNo",
  "id": "GHSA-4946-85pr-fvxh",
  "modified": "2024-03-15T16:42:55Z",
  "published": "2024-03-15T16:42:55Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-4946-85pr-fvxh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23823"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vantage6/vantage6/commit/70bb4e1d889230a841eb364d6c03accd7dd01a41"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vantage6/vantage6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "vantage6\u0027s CORS settings overly permissive"
}

GHSA-4CQ7-5C7C-CC5R

Vulnerability from github – Published: 2026-06-29 18:31 – Updated: 2026-06-29 18:31
VLAI
Details

Papermark through 0.22.0 contains a cross-origin resource sharing (CORS) misconfiguration vulnerability that allows unauthenticated remote attackers to perform credentialed cross-origin requests by exploiting the TUS-based viewer upload endpoint reflecting arbitrary request Origins with Access-Control-Allow-Credentials set to true. Attackers can lure authenticated victims to malicious pages that silently issue credentialed cross-origin requests to upload arbitrary files into victim datarooms and read credentialed responses.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-57957"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-942"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-29T18:16:41Z",
    "severity": "LOW"
  },
  "details": "Papermark through 0.22.0 contains a cross-origin resource sharing (CORS) misconfiguration vulnerability that allows unauthenticated remote attackers to perform credentialed cross-origin requests by exploiting the TUS-based viewer upload endpoint reflecting arbitrary request Origins with Access-Control-Allow-Credentials set to true. Attackers can lure authenticated victims to malicious pages that silently issue credentialed cross-origin requests to upload arbitrary files into victim datarooms and read credentialed responses.",
  "id": "GHSA-4cq7-5c7c-cc5r",
  "modified": "2026-06-29T18:31:56Z",
  "published": "2026-06-29T18:31:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57957"
    },
    {
      "type": "WEB",
      "url": "https://github.com/papermark/papermark/issues/2178"
    },
    {
      "type": "WEB",
      "url": "https://github.com/AstoKr/papermark/pull/1"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/papermark-cors-misconfiguration-in-viewer-upload-endpoint"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-4XQM-4P72-87H6

Vulnerability from github – Published: 2023-07-06 22:55 – Updated: 2023-07-06 22:55
VLAI
Summary
Sentry CORS misconfiguration
Details

Impact

The Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry installation. This only affects installations that have system.base-hostname option explicitly set, as it is empty by default.

Impact is limited since recent versions of major browsers have cross-site cookie blocking enabled by default. However, this flaw could allow other multi-step attacks.

Patches

The patch has been released in Sentry 23.6.2.

Workarounds

For Sentry SaaS customers, no action is needed.

For self-hosted Sentry installations that have system.base-hostname explicitly set, it is recommended to upgrade the installation to 23.6.2 or higher. There are no known workarounds.

References

Credits

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "sentry"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "23.6.0"
            },
            {
              "fixed": "23.6.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-36829"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-697",
      "CWE-863",
      "CWE-942"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-06T22:55:44Z",
    "nvd_published_at": "2023-07-06T23:15:09Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nThe Sentry API incorrectly returns the `access-control-allow-credentials: true` HTTP header if the `Origin` request header ends with the `system.base-hostname` option of Sentry installation. This only affects installations that have `system.base-hostname` option explicitly set, as it is empty by default.\n\nImpact is limited since recent versions of major browsers have cross-site cookie blocking enabled by default. However, this flaw could allow other multi-step attacks.\n\n### Patches\nThe patch has been released in [Sentry 23.6.2](https://github.com/getsentry/self-hosted/releases/tag/23.6.2).\n\n### Workarounds\n\nFor Sentry SaaS customers, no action is needed.\n\nFor self-hosted Sentry installations that have `system.base-hostname` explicitly set, it is recommended to upgrade the installation to 23.6.2 or higher. There are no known workarounds.\n\n### References\n- [getsentry/sentry PR #52276](https://github.com/getsentry/sentry/pull/52276)\n\n### Credits\n- [@andr0idp4r4n0id](https://twitter.com/andr0idp4r4n0id)",
  "id": "GHSA-4xqm-4p72-87h6",
  "modified": "2023-07-06T22:55:44Z",
  "published": "2023-07-06T22:55:44Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/getsentry/sentry/security/advisories/GHSA-4xqm-4p72-87h6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36829"
    },
    {
      "type": "WEB",
      "url": "https://github.com/getsentry/sentry/pull/52276"
    },
    {
      "type": "WEB",
      "url": "https://github.com/getsentry/sentry/commit/19248fb9802c252665b802aeab02fdc65ed47dc9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/getsentry/sentry/commit/ee44c6be35e5e464bc40637580f39867898acd8b"
    },
    {
      "type": "WEB",
      "url": "https://github.com/getsentry/self-hosted/releases/tag/23.6.2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/getsentry/sentry"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/sentry/PYSEC-2023-115.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Sentry CORS misconfiguration"
}

GHSA-5FR5-2C3F-3FCR

Vulnerability from github – Published: 2026-06-19 00:31 – Updated: 2026-06-19 00:31
VLAI
Details

PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitrary agent execution. The POST /agui endpoint lacks authentication and hardcodes Access-Control-Allow-Origin: * headers, combined with Starlette's Content-Type-agnostic JSON parsing, enabling attackers to bypass CORS preflight checks via simple requests and exfiltrate sensitive agent responses including tool execution results and environment data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-56076"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-942"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-18T23:16:19Z",
    "severity": "HIGH"
  },
  "details": "PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitrary agent execution. The POST /agui endpoint lacks authentication and hardcodes Access-Control-Allow-Origin: * headers, combined with Starlette\u0027s Content-Type-agnostic JSON parsing, enabling attackers to bypass CORS preflight checks via simple requests and exfiltrate sensitive agent responses including tool execution results and environment data.",
  "id": "GHSA-5fr5-2c3f-3fcr",
  "modified": "2026-06-19T00:31:37Z",
  "published": "2026-06-19T00:31:37Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-x462-jjpc-q4q4"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56076"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/praisonai-cross-origin-agent-execution-via-hardcoded-wildcard-cors-and-missing-authentication-on-agui-endpoint"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-5QWW-R3F5-W3W9

Vulnerability from github – Published: 2023-02-01 15:30 – Updated: 2023-02-08 21:30
VLAI
Details

Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-47717"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668",
      "CWE-942"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-01T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS).",
  "id": "GHSA-5qww-r3f5-w3w9",
  "modified": "2023-02-08T21:30:19Z",
  "published": "2023-02-01T15:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47717"
    },
    {
      "type": "WEB",
      "url": "https://github.com/l00neyhacker/CVE-2022-47717"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-62GP-CQPW-RGH4

Vulnerability from github – Published: 2024-11-11 21:31 – Updated: 2024-11-11 21:31
VLAI
Details

In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-10315"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-942"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-11T20:15:17Z",
    "severity": "MODERATE"
  },
  "details": "In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6",
  "id": "GHSA-62gp-cqpw-rgh4",
  "modified": "2024-11-11T21:31:48Z",
  "published": "2024-11-11T21:31:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10315"
    },
    {
      "type": "WEB",
      "url": "https://portal.perforce.com/s/detail/a91PA000001SZVJYA4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Architecture and Design Operation

Strategy: Attack Surface Reduction

Define a restrictive Content Security Policy [REF-1486] or cross-domain policy file.

Mitigation
Architecture and Design Operation

Strategy: Attack Surface Reduction

Avoid using wildcards in the CSP / cross-domain policy file. Any domain matching the wildcard expression will be implicitly trusted, and can perform two-way interaction with the target server.

Mitigation
Architecture and Design Operation

Strategy: Environment Hardening

For Flash, modify crossdomain.xml to use meta-policy options such as 'master-only' or 'none' to reduce the possibility of an attacker planting extraneous cross-domain policy files on a server.

No CAPEC attack patterns related to this CWE.