CVE-2026-44504
HIGHAegra: Cross-user run injection in /threads/{thread_id}/runs (IDOR)
Title source: cnaDescription
Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's thread_id, can execute graph runs against the user's thread, read the user's full checkpoint state, and inject arbitrary messages into the user's conversation history. This vulnerability is fixed in 0.9.7.
References (1)
Core 1
Core References
X_Refsource_Confirm x_refsource_confirm
https://github.com/aegra/aegra/security/advisories/GHSA-m98r-6667-4wq7
Scores
CVSS v4
8.6
EPSS
0.0001
EPSS Percentile
3.0%
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-285
CWE-639
Status
published
Products (2)
aegra/aegra
< 0.9.7
pypi/aegra-api
0.9.0 - 0.9.7PyPI
Published
May 14, 2026
Tracked Since
May 14, 2026