Platform: python
Component: 531ec6b169f4b9ecbc8c2f0b2cd7c5ee
Fixed in: 1.0.1
CVE-2026-4959 is an authentication bypass vulnerability in OpenBMB XAgent version 1.0.0. The flaw allows an attacker to bypass authentication checks by manipulating the interaction_id parameter sent to the ShareServer WebSocket endpoint. Successful exploitation could lead to unauthorized access and potential data compromise. A public exploit is available, which makes remediation urgent.
The primary impact of CVE-2026-4959 is the potential for unauthorized access to resources protected by the XAgent system. An attacker can exploit this vulnerability to bypass authentication and gain access to sensitive data or functionality without proper credentials. This could involve reading confidential information, modifying data, or even executing arbitrary code depending on the system's overall architecture and permissions. The public availability of an exploit significantly increases the risk, as it lowers the barrier to entry for malicious actors. Given the WebSocket nature of the endpoint, an attacker could potentially establish persistent connections and maintain unauthorized access.
CVE-2026-4959 is currently considered a high-risk vulnerability due to the availability of a public proof-of-concept exploit. The vulnerability was disclosed on 2026-03-27. The vendor, OpenBMB, was notified but did not respond. The EPSS score is likely to be medium to high, reflecting the ease of exploitation and potential impact. Active exploitation is probable given the public exploit.
EPSS: 0.07% (22nd percentile)
The primary mitigation for CVE-2026-4959 is to upgrade to a patched version of OpenBMB XAgent as soon as it becomes available. Since no fixed version is provided, immediate action is critical. As a temporary workaround, consider implementing strict input validation on the interaction_id parameter within the ShareServer WebSocket endpoint. This could involve whitelisting allowed characters or enforcing length restrictions. Additionally, implement a Web Application Firewall (WAF) rule to block requests with suspicious interaction_id values. Monitor WebSocket traffic for unusual patterns or unauthorized connections. After implementing mitigations, verify their effectiveness by attempting to reproduce the vulnerability with a test exploit.
Update to a patched version that implements proper authentication in the ShareServer WebSocket Endpoint. Since the vendor has not responded, it is recommended to review the source code and apply a patch manually to validate the user's identity before allowing access to the check_user function.
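The following is an added example, not XAgent's own code, showing the two controls described above in one handler: a syntactic allowlist check on the client-supplied interaction_id, and a lookup that is bound to the server-side session identity so that a manipulated interaction_id cannot stand in for authentication. The function names, the assumed id format (8 to 64 characters from [A-Za-z0-9_-]), the in-memory ownership table and the message shape are all assumptions made for the illustration.

```python
"""Hardened handling of a client-supplied interaction_id on a share endpoint.

Illustrative code written for this advisory; it is not XAgent's implementation.
Names, the id format and the ownership table below are assumptions.
"""
import json
import re
from dataclasses import dataclass

# Assumed allowlist: opaque tokens of 8-64 chars from [A-Za-z0-9_-].
# Anything else is rejected before any lookup or database access happens.
_INTERACTION_ID_RE = re.compile(r"^[A-Za-z0-9_-]{8,64}$")


def validate_interaction_id(value) -> bool:
    """Syntactic check only: type, length and character set."""
    return isinstance(value, str) and _INTERACTION_ID_RE.fullmatch(value) is not None


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


# Constructed sample ownership table: interaction_id -> owning user id.
OWNERSHIP = {
    "int_a1b2c3d4": "alice",
    "int_e5f6g7h8": "bob",
}


def legacy_lookup(interaction_id, ownership=OWNERSHIP):
    """Hypothetical anti-pattern: serve any record whose id exists.

    Nothing here ties the request to an authenticated user, so whoever can
    guess or obtain an id gets the record. This is the shape of bug the
    advisory describes, written here only as the 'before' for contrast.
    """
    return ownership.get(interaction_id)


def authorize_share_access(session_user, interaction_id, ownership=OWNERSHIP) -> Decision:
    """Decide whether session_user may open the share for interaction_id.

    The identity comes from the server-side session, never from the client
    message. interaction_id is only a lookup key; access is granted only when
    the record exists and belongs to that user.
    """
    if session_user is None:
        return Decision(False, "unauthenticated")
    if not validate_interaction_id(interaction_id):
        return Decision(False, "malformed interaction_id")
    owner = ownership.get(interaction_id)
    # Missing and foreign records get the same answer to avoid id enumeration.
    if owner is None or owner != session_user:
        return Decision(False, "not found or not owned")
    return Decision(True, "ok")


def handle_share_message(session_user, raw_message: str) -> dict:
    """Process one (constructed) WebSocket text frame and build the reply."""
    try:
        msg = json.loads(raw_message)
    except json.JSONDecodeError:
        return {"status": "error", "reason": "invalid json"}
    if not isinstance(msg, dict):
        return {"status": "error", "reason": "invalid message"}
    decision = authorize_share_access(session_user, msg.get("interaction_id"))
    if not decision.allowed:
        return {"status": "error", "reason": decision.reason}
    return {"status": "ok", "interaction_id": msg["interaction_id"]}


if __name__ == "__main__":
    # Constructed frames: the owner is served, another session is refused.
    print(handle_share_message("alice", '{"interaction_id": "int_a1b2c3d4"}'))
    print(handle_share_message("bob", '{"interaction_id": "int_a1b2c3d4"}'))
    print(handle_share_message(None, '{"interaction_id": "int_a1b2c3d4"}'))
```

The ordering matters: the shape check runs before any lookup, so a WAF or gateway rule with the same allowlist can drop malformed ids early, and the ownership check rejects well-formed ids that belong to someone else with the same response as a nonexistent id, which keeps rejected frames from doubling as an enumeration oracle. Counting the "not found or not owned" and "malformed interaction_id" replies per connection is a cheap signal for the traffic monitoring the advisory recommends.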
CVE-2026-4959 is a vulnerability in OpenBMB XAgent version 1.0.0 that allows attackers to bypass authentication by manipulating the interaction_id parameter, potentially leading to unauthorized access.
If you are using OpenBMB XAgent version 1.0.0, you are potentially affected by this vulnerability. Immediate action is required.
Upgrade to a patched version of OpenBMB XAgent as soon as it becomes available. Until then, implement input validation and WAF rules as temporary mitigations.
Yes, a public exploit exists, indicating a high probability of active exploitation.
As of the disclosure date, OpenBMB has not released an official advisory. Monitor OpenBMB's website and security mailing lists for updates.