Description
A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown part of the file /api/research/agents.csv of the component Research Export. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The patch is named 91a31aac1b0f4dbc6b8bef9f6eff0b7912e0bc65. Applying a patch is the recommended action to fix this issue. The vendor confirms: "Research export endpoints now require an authenticated agent with the research_exports capability".
Published: 2026-06-15
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in the Research Export component of HKUDS AI‑Trader allows attackers to manipulate the /api/research/agents.csv endpoint and retrieve sensitive agent data. The flaw exposes confidential information and is exploitable from a remote location. No valid credentials are needed, because the endpoint did not properly enforce authentication prior to the fix. The vulnerability is catalogued as Information Disclosure (CWE‑200) and Improper Access Control (CWE‑284).

Affected Systems

Systems running HKUDS AI‑Trader versions prior to the patch commit 91a31aac1b0f4dbc6b8bef9f6eff0b7912e0bc65 are affected. The product follows a rolling‑release model, so any release that includes commits after 74caf996f78dcc0c657df8365c8544678a16e215 but before the fixed commit may still be vulnerable. Administrators should check the current revision against the patch and apply the recent commit or release that incorporates it.

Risk and Exploitability

The CVSS base score of 6.9 indicates moderate severity. Although EPSS data is not available, a public exploit exists and the vulnerability can be exploited over the network by sending crafted requests to the exposed endpoint. The vulnerability is not listed in the CISA KEV catalogue, but the public availability of the exploit and its ease of use raise the risk. Immediate action to stop unauthenticated access and apply the fix is strongly recommended.

Generated by OpenCVE AI on June 15, 2026 at 03:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch identified by commit 91a31aac1b0f4dbc6b8bef9f6eff0b7912e0bc65 to the AI‑Trader codebase or deploy an updated release that includes the fix.
  • Configure the research export endpoint to enforce authentication using the research_exports capability, ensuring only authorized agents can access the /api/research/agents.csv resource.
  • Monitor API access logs for attempts to retrieve /api/research/agents.csv without proper authentication and set up alerts for suspicious activity.
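
The monitoring step above can be sketched as follows. This is an added example, not code from AI-Trader or OpenCVE; it assumes the API sits behind a proxy that writes Combined Log Format and records the authenticated agent in the remote-user field ("-" when anonymous), neither of which the advisory specifies.

```python
import re
from collections import defaultdict

EXPORT_PATH = "/api/research/agents.csv"  # endpoint named in the advisory

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines (not real traffic); IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Jun/2026:01:02:03 +0000] "GET /api/research/agents.csv HTTP/1.1" 200 48211 "-" "curl/8.5.0"
198.51.100.4 - agent-17 [15/Jun/2026:01:05:10 +0000] "GET /api/research/agents.csv HTTP/1.1" 200 48211 "-" "python-requests/2.32"
203.0.113.7 - - [15/Jun/2026:01:06:00 +0000] "GET /api/research/agents.csv?limit=5000 HTTP/1.1" 200 91302 "-" "curl/8.5.0"
192.0.2.55 - - [15/Jun/2026:04:10:44 +0000] "GET /api/research/agents.csv HTTP/1.1" 401 41 "-" "Mozilla/5.0"
192.0.2.55 - - [15/Jun/2026:04:10:45 +0000] "GET /api/health HTTP/1.1" 200 2 "-" "Mozilla/5.0"
"""

def classify(line):
    """Return (ip, verdict) for a request to the export path, else None."""
    m = LINE_RE.match(line)
    if not m or m["target"].split("?", 1)[0] != EXPORT_PATH:
        return None  # unparseable line or a different endpoint
    status, anonymous = int(m["status"]), m["user"] == "-"
    if status in (401, 403):
        return m["ip"], "denied_probe"  # rejected, as expected once patched
    if 200 <= status < 300:
        # A 2xx with no authenticated user means data left without credentials.
        return m["ip"], "unauthenticated_export" if anonymous else "authenticated_export"
    return m["ip"], "other"

def summarize(log_text):
    """Count verdicts per client IP."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            counts[hit[0]][hit[1]] += 1
    return {ip: dict(v) for ip, v in counts.items()}

def alerts(log_text):
    """Client IPs that retrieved the export without credentials, sorted."""
    return sorted(ip for ip, v in summarize(log_text).items()
                  if v.get("unauthenticated_export"))

if __name__ == "__main__":
    for ip, verdicts in summarize(SAMPLE_LOG).items():
        print(ip, verdicts)
```

On a deployment that already includes the fix, any `unauthenticated_export` hit suggests the patched code is not the code actually serving the endpoint; on an unpatched one, the same hits scope which clients pulled the data.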

Advisories

No advisories yet.

History

Mon, 15 Jun 2026 02:00:00 +0000

Values added in this entry (the Values Removed column is empty):

  • Description: A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown part of the file /api/research/agents.csv of the component Research Export. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The patch is named 91a31aac1b0f4dbc6b8bef9f6eff0b7912e0bc65. Applying a patch is the recommended action to fix this issue. The vendor confirms: "Research export endpoints now require an authenticated agent with the research_exports capability".
  • Title: HKUDS AI-Trader Research Export agents.csv information disclosure
  • First Time appeared: Hkuds; Hkuds ai-trader
  • Weaknesses: CWE-200; CWE-284
  • CPEs: cpe:2.3:a:hkuds:ai-trader:*:*:*:*:*:*:*:*
  • Vendors & Products: Hkuds; Hkuds ai-trader
  • References: (empty)
  • Metrics:

    cvssV2_0: {'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C'}

    cvssV3_0: {'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C'}

    cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C'}

    cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-15T01:00:14.619Z

Reserved: 2026-06-14T11:51:13.067Z

Link: CVE-2026-12203

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-15T02:16:12.100

Modified: 2026-06-15T02:16:12.100

Link: CVE-2026-12203

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-15T04:00:10Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor

  • CWE-284

    Improper Access Control