NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-44504

Summary	Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's thread_id, can execute graph runs against the user's thread, read the user's full checkpoint state, and inject arbitrary messages into the user's conversation history. This vulnerability is fixed in 0.9.7.
Publication Date	May 15, 2026, 1:16 a.m.
Registration Date	May 15, 2026, 4:25 a.m.
Last Update	May 15, 2026, 3:13 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/aegra/aegra/security/advisories/GHSA-m98r-6667-4wq7	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-285	不適切な認可	https://cwe.mitre.org/data/definitions/285.html
2	CWE-639	ユーザ制御の鍵による認証回避	https://cwe.mitre.org/data/definitions/639.html