Executive Summary

CVE-2026-4957 is a vulnerability in OpenBMB XAgent version 1.0.0 where API keys are not properly masked in logs and WebSocket communications. Specifically, the function handle_tool_call in function_handler.py logs API keys in plaintext, exposing sensitive credentials.

The issue arose because a partial fix only masked API keys in some files but missed critical logging in function_handler.py. As a result, API keys appear in log files and are also sent unmasked over WebSocket channels.

Attackers who are authenticated users can exploit this by submitting tasks that invoke vulnerable tools with API keys, allowing them to retrieve these keys either from logs (via a path traversal exploit) or directly from WebSocket data.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring log files and WebSocket traffic for plaintext API keys being exposed.

Specifically, check the interact.log file for unmasked API keys and inspect WebSocket communications on the /ws/base/{id} channel for sensitive data leakage.

Commands to detect the vulnerability might include:

• Use grep or similar tools to search for API keys in logs, e.g., `grep -i api_key /path/to/interact.log`.
• Monitor WebSocket traffic using tools like `websocat` or browser developer tools to inspect messages on the `/ws/base/{id}` endpoint for plaintext API keys.
• Check database entries in the MySQL `raw` table for unmasked API keys if you have access.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting access to log files and WebSocket channels to trusted users only, as the vulnerability allows authenticated users to retrieve plaintext API keys.

Since no fully patched version is available, consider:

• Limiting or disabling the use of vulnerable tools that accept the api_key parameter until a proper fix is applied.
• Implementing network-level controls to restrict access to the WebSocket endpoint and the POST /workspace/file endpoint to prevent exploitation.
• Regularly auditing logs and database entries for exposed API keys and rotating any compromised credentials immediately.
• Monitoring for updates or patches from the vendor or community to apply a complete fix once available.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability causes sensitive API keys to be logged in plaintext and transmitted over WebSocket channels without redaction, leading to unauthorized disclosure of sensitive credentials.

Such exposure of sensitive information can violate data protection requirements in common standards and regulations like GDPR and HIPAA, which mandate the protection of sensitive data and credentials from unauthorized access and disclosure.

The vulnerability enables credential theft in multi-tenant environments, increasing the risk of unauthorized access to protected systems and data, which can result in non-compliance with these regulations.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to the theft of sensitive third-party API credentials by any authenticated user of XAgent, including those with low privileges.

• Credential disclosure: API keys are exposed in plaintext in logs and WebSocket communications.
• Multi-tenant risk: In environments where multiple users share the system, one user can steal API keys belonging to others.
• Potential unauthorized access to third-party services using stolen API keys.

The vulnerability is remotely exploitable with low complexity and requires only low-privilege authentication, increasing the risk of exploitation.

Useful 0 Not Useful 0