CVE-2026-4958
LOWOpenBMB XAgent WebSocket Endpoint replayer.py ReplayServer.send_data authorization
Title source: cnaDescription
A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.on_connect/ReplayServer.send_data of the file XAgentServer/application/websockets/replayer.py of the component WebSocket Endpoint. Such manipulation of the argument interaction_id leads to authorization bypass. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitability is reported as difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Scores
CVSS v3
3.1
EPSS
0.0003
EPSS Percentile
9.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-285
CWE-639
Status
published
Products (1)
OpenBMB/XAgent
1.0.0
Published
Mar 27, 2026
Tracked Since
Mar 29, 2026