Approved changes feed: RSS · Atom
cpe:2.3:a:aegra:aegra:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Aegra (dd787940-c30e-5323-970c-159a6e6186a9) |
|---|---|
| Product | Aegra (6dc11865-fa4f-5e9c-8503-b08c8b9d24c8) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-44504 |
vulnerable | 2026-06-08 08:05:11.127580 |
Aegra: Cross-user run injection in /threads/{thread_id}/runs (IDOR)
Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's thread_id, can execute graph runs against the user's thread, read the user's full checkpoint state, and inject arbitrary messages into the user's conversation history. This vulnerability is fixed in 0.9.7.
Published: 2026-05-14T15:52:30.547Z
Updated: 2026-05-16T00:38:24.939Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.