CVE-2026-4958
Received Received - Intake
Authorization Bypass in OpenBMB XAgent WebSocket Endpoint

Publication date: 2026-03-27

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.on_connect/ReplayServer.send_data of the file XAgentServer/application/websockets/replayer.py of the component WebSocket Endpoint. Such manipulation of the argument interaction_id leads to authorization bypass. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitability is reported as difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-27
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4958
EUVD
EUVD-2026-16690
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openbmb xagent 1.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

CVE-2026-4958 allows unauthorized access to sensitive user data, including third-party API keys and detailed user interaction histories. This exposure of sensitive information to unauthorized actors can lead to violations of data protection regulations such as GDPR and HIPAA, which mandate strict controls over personal and sensitive data confidentiality and access.

The vulnerability results in a high confidentiality impact due to the theft of credentials and user data, which could compromise user privacy and security obligations required by these standards.

Since the vulnerability enables any authenticated user to bypass authorization checks and access other users' data without proper consent or controls, it undermines compliance requirements related to data access controls, user consent, and data minimization.

Executive Summary

CVE-2026-4958 is a critical Insecure Direct Object Reference (IDOR) vulnerability in the XAgent software, specifically in the WebSocket endpoint `/ws/replay/{interaction_id}`. The vulnerability arises because the server only checks if a user is authenticated but does not verify if the user owns the requested interaction_id. This allows any authenticated user to access and replay the complete execution history of any other user's interactions.

Additionally, third-party API keys are stored in plaintext in the database without masking or redaction. An attacker can exploit this by connecting to the replay WebSocket endpoint with a victim's interaction_id and receive all the raw data, including sensitive API keys, without needing special privileges or victim interaction.

Impact Analysis

This vulnerability can have severe impacts including:

  • Complete theft of third-party API credentials belonging to other users.
  • Full read access to other users' interaction histories, including their goals, plans, tool arguments, and results.
  • Ability for an attacker with only a low-privilege authenticated account to enumerate all finished interactions and systematically harvest credentials.
  • No victim interaction is required after the API key is stored, making the attack easier to perform once the data is present.
Detection Guidance

This vulnerability can be detected by monitoring WebSocket connections to the endpoint `/ws/replay/{interaction_id}` and checking if unauthorized users are able to access replay data for interaction IDs they do not own.

Detection can involve inspecting WebSocket traffic for unauthorized access attempts or replay streams containing sensitive API keys.

Suggested commands include using WebSocket client tools or network traffic analyzers (e.g., `websocat`, `wscat`, or Wireshark) to connect to the replay endpoint and verify if replay data is accessible without proper ownership verification.

  • Use `wscat` to connect to the replay endpoint: `wscat -c ws://<server>/ws/replay/<interaction_id>` after authenticating with a low-privilege user account.
  • Monitor network traffic with Wireshark filtering on WebSocket frames to detect unauthorized data streams containing API keys.
  • Query API endpoints like `/conv/getConvList` or `/conv/init_conv_env` to enumerate interaction IDs and test access to those IDs via the replay WebSocket.
Mitigation Strategies

Immediate mitigation steps include restricting access to the replay WebSocket endpoint to only authorized users who own the requested interaction IDs.

Since no patches or fixes are available, consider disabling or restricting the `/ws/replay/{interaction_id}` endpoint to prevent unauthorized replay access.

Limit user privileges to prevent low-privilege accounts from accessing sensitive replay data.

Monitor and audit usage of the replay endpoint and API keys stored in the database to detect suspicious activity.

If possible, rotate any exposed third-party API keys to prevent misuse.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4958. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart