CVE-2026-4958
Received - Intake
Authorization Bypass in OpenBMB XAgent WebSocket Endpoint

Publication date: 2026-03-27

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function `ReplayServer.on_connect`/`ReplayServer.send_data` of the file `XAgentServer/application/websockets/replayer.py` of the component WebSocket Endpoint. Such manipulation of the argument `interaction_id` leads to authorization bypass. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitability is reported as difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2026-03-27
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2026-03-27
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openbmb | xagent | 1.0.0 |
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-4958 is a critical Insecure Direct Object Reference (IDOR) vulnerability in the XAgent software, specifically in the WebSocket endpoint `/ws/replay/{interaction_id}`. The vulnerability arises because the server only checks if a user is authenticated but does not verify if the user owns the requested interaction_id. This allows any authenticated user to access and replay the complete execution history of any other user's interactions.

Additionally, third-party API keys are stored in plaintext in the database without masking or redaction. An attacker can exploit this by connecting to the replay WebSocket endpoint with a victim's interaction_id and receive all the raw data, including sensitive API keys, without needing special privileges or victim interaction.


How can this vulnerability impact me?

This vulnerability can have severe impacts including:

  • Complete theft of third-party API credentials belonging to other users.
  • Full read access to other users' interaction histories, including their goals, plans, tool arguments, and results.
  • Ability for an attacker with only a low-privilege authenticated account to enumerate all finished interactions and systematically harvest credentials.
  • No victim interaction is required after the API key is stored, making the attack easier to perform once the data is present.

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring WebSocket connections to the endpoint `/ws/replay/{interaction_id}` and checking if unauthorized users are able to access replay data for interaction IDs they do not own.

Detection can involve inspecting WebSocket traffic for unauthorized access attempts or replay streams containing sensitive API keys.

Suggested commands include using WebSocket client tools or network traffic analyzers (e.g., `websocat`, `wscat`, or Wireshark) to connect to the replay endpoint and verify if replay data is accessible without proper ownership verification.

  • Use `wscat` to connect to the replay endpoint: `wscat -c ws://<server>/ws/replay/<interaction_id>` after authenticating with a low-privilege user account.
  • Monitor network traffic with Wireshark filtering on WebSocket frames to detect unauthorized data streams containing API keys.
  • Query API endpoints like `/conv/getConvList` or `/conv/init_conv_env` to enumerate interaction IDs and test access to those IDs via the replay WebSocket.
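For the log-review side of detection, the following added example (not code from XAgent or from this advisory) joins replay connections against an ownership table and flags users who replay interactions they do not own. The log format, the ownership table and all user names and IDs are constructed assumptions; adapt the regular expression to the format your proxy or application actually writes.

```python
import re
from collections import defaultdict

# Constructed ownership table (interaction_id -> owning user), e.g. exported from the DB.
OWNERS = {"a1f3": "alice", "b7c9": "bob", "c2d4": "carol"}

# Constructed log lines in an assumed format: "<timestamp> user=<id> <proto> <path>".
SAMPLE_LOG = """\
2026-03-20T10:00:01Z user=alice WS /ws/replay/a1f3
2026-03-20T10:02:13Z user=mallory WS /ws/replay/a1f3
2026-03-20T10:02:15Z user=mallory WS /ws/replay/b7c9
2026-03-20T10:02:17Z user=mallory WS /ws/replay/c2d4
2026-03-20T10:05:40Z user=bob WS /ws/replay/b7c9
2026-03-20T10:06:02Z user=bob HTTP /conv/getConvList
"""

LINE_RE = re.compile(r"^(\S+) user=(\S+) WS /ws/replay/([^/\s?]+)")


def find_cross_user_replays(log_text, owners):
    """Return (timestamp, user, interaction_id, owner) for replays of someone else's ID."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a replay connection
        ts, user, iid = m.groups()
        owner = owners.get(iid)
        if owner != user:  # unknown IDs (owner is None) are reported too
            hits.append((ts, user, iid, owner))
    return hits


def enumeration_suspects(hits, threshold=3):
    """Users who replayed at least `threshold` distinct interactions they do not own."""
    seen = defaultdict(set)
    for _ts, user, iid, _owner in hits:
        seen[user].add(iid)
    return {u: sorted(ids) for u, ids in seen.items() if len(ids) >= threshold}
```

Any hit is evidence that the ownership check is missing; a user above the threshold additionally matches the enumeration pattern described earlier and is a reason to rotate the API keys stored in the affected interactions.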

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the replay WebSocket endpoint to only authorized users who own the requested interaction IDs.

Since no patches or fixes are available, consider disabling or restricting the `/ws/replay/{interaction_id}` endpoint to prevent unauthorized replay access.

Limit user privileges to prevent low-privilege accounts from accessing sensitive replay data.

Monitor and audit usage of the replay endpoint and API keys stored in the database to detect suspicious activity.

If possible, rotate any exposed third-party API keys to prevent misuse.
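The ownership check and the redaction that the answers above call for, as an added sketch that is not XAgent's code or a vendor fix. The in-memory store, the function names (`authorize_replay`, `redact`, `replay_frames`) and the record layout are hypothetical, and all keys shown are constructed sample values.

```python
import re

# Constructed sample data: interaction_id -> owner and stored replay records.
INTERACTIONS = {
    "int-001": {"owner": "alice", "records": [
        {"node": "plan", "data": {"goal": "summarise report"}},
        {"node": "tool", "data": {"args": {"api_key": "sk-CONSTRUCTED-0001", "q": "weather"}}},
    ]},
    "int-002": {"owner": "bob", "records": [
        {"node": "tool", "data": {"args": {"token": "tok-CONSTRUCTED-0002"}}},
    ]},
}

# Key names treated as credentials (an assumption; extend for your tools).
SECRET_KEY_RE = re.compile(r"(api[_-]?key|token|secret|password|authorization)", re.I)


class Forbidden(Exception):
    """Raised when the authenticated user does not own the interaction."""


def redact(value):
    """Recursively mask values whose key name looks like a credential."""
    if isinstance(value, dict):
        return {k: "***REDACTED***" if SECRET_KEY_RE.search(k) else redact(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value


def authorize_replay(user_id, interaction_id, store=INTERACTIONS):
    """Authentication is assumed done; this is the missing ownership check."""
    row = store.get(interaction_id)
    # Same error for "not found" and "not yours" so IDs cannot be probed.
    if row is None or row["owner"] != user_id:
        raise Forbidden("interaction not available")
    return row


def replay_frames(user_id, interaction_id, store=INTERACTIONS):
    """Return the frames that would be sent over the replay WebSocket."""
    row = authorize_replay(user_id, interaction_id, store)
    return [redact(rec) for rec in row["records"]]
```

The check has to run in the connection handler before any frame is sent, and redaction on output does not replace rotating keys that were already stored in plaintext.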


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

CVE-2026-4958 allows unauthorized access to sensitive user data, including third-party API keys and detailed user interaction histories. This exposure of sensitive information to unauthorized actors can lead to violations of data protection regulations such as GDPR and HIPAA, which mandate strict controls over personal and sensitive data confidentiality and access.

The vulnerability results in a high confidentiality impact due to the theft of credentials and user data, which could compromise user privacy and security obligations required by these standards.

Since the vulnerability enables any authenticated user to bypass authorization checks and access other users' data without proper consent or controls, it undermines compliance requirements related to data access controls, user consent, and data minimization.

