Description
An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Published: 2026-04-27
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: Denial of Service
Action: Apply Fix
AI Analysis

Impact

An attacker can send a crafted POST request to the /store/items/search endpoint of the Agent Protocol server and force the service into a state where it can no longer respond to legitimate traffic, effectively disrupting availability. This vulnerability is an instance of uncontrolled resource consumption as defined by CWE-400 and can lead to a complete denial of service on the affected system.

Affected Systems

The affected component is the Agent Protocol server, but the vendor and specific product names are not listed in the available data. No version or configuration details are provided, so the scope of affected infrastructure remains unclear beyond the presence of the /store/items/search endpoint.

Risk and Exploitability

The vulnerability carries a CVSS score of 7.5, indicating a high severity and a significant impact on service availability. The EPSS score is not available, so the current probability of exploitation cannot be quantified. It is not listed in the CISA KEV catalog, suggesting no confirmed exploitation in the wild yet. The attack can be performed remotely with a crafted POST request; authentication requirements are not specified, so it is inferred that the request may be unauthenticated or that minimal credentials are required.

Generated by OpenCVE AI on April 28, 2026 at 04:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor-released patch or upgrade the Agent Protocol server to a version that includes a fix for the DoS vulnerability.
  • Implement input validation and enforce size or rate limits on the /store/items/search endpoint to prevent resource exhaustion.
  • Configure network devices or a load balancer to detect and block excessive or malformed POST requests targeting the vulnerable endpoint.



Advisories

No advisories yet.

History

Tue, 28 Apr 2026 09:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Ibbybuilds; Ibbybuilds aegra
Vendors & Products | | Ibbybuilds; Ibbybuilds aegra

Tue, 28 Apr 2026 05:15:00 +0000

Type | Values Removed | Values Added
Title | | Denial of Service via Crafted POST Request to /store/items/search on Agent Protocol Server

Mon, 27 Apr 2026 21:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-400
Metrics | | cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 27 Apr 2026 15:00:00 +0000

Type | Values Removed | Values Added
Description | | An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-27T20:11:14.133Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30350

Vulnrichment

Updated: 2026-04-27T20:11:06.241Z

NVD

Status: Awaiting Analysis

Published: 2026-04-27T15:16:08.570

Modified: 2026-04-27T21:16:33.383

Link: CVE-2026-30350

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T09:17:40Z

Weaknesses