CVE-2026-4958 - Vulnerability Details

- OpenBMB XAgent WebSocket Endpoint replayer.py ReplayServer.send_data authorization

Description

A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.on_connect/ReplayServer.send_data of the file XAgentServer/application/websockets/replayer.py of the component WebSocket Endpoint. Such manipulation of the argument interaction_id leads to authorization bypass. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitability is reported as difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 2026-03-27

Score: 2.3 Low

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A flaw in the WebSocket Endpoint of OpenBMB XAgent allows an attacker to modify the interaction_id parameter sent to ReplayServer.send_data. Proper authorization checks are bypassed, giving the attacker the same privileges as a legitimate user and enabling the replay of protected data. The vulnerability is represented by weaknesses in authentication and authorization logic (CWE-285, CWE-639).

Affected Systems

The exposed defect exists in OpenBMB XAgent version 1.0.0. No other product or version information is documented as vulnerable.

Risk and Exploitability

The publicly assessed CVSS score of 2.3 denotes low overall severity, yet the flaw can be exploited over the network and the attack path is considered difficult. No EPSS score is published and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalogue. Despite the low numerical score, the ability to bypass authentication poses a non‑negligible threat to confidentiality and integrity of the XAgent replay services, especially if the WebSocket endpoint remains reachable from untrusted networks.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

OpenBMB

XAgent

affected

Version	Status	Constraints
`1.0.0`	affected	—

No data.

Vendor Product Confidence Versions

Openbmb

Xagent

95%

Version	Status	Scheme	Platform
`1.0.0`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade OpenBMB XAgent to a patched version if one is available from the vendor.
Restrict access to the WebSocket endpoint to trusted internal networks only.
Monitor WebSocket traffic for abnormal interaction_id values or anomalous activity.
Implement additional token or credential validation before processing requests with the interaction_id parameter.

Generated by OpenCVE AI on March 27, 2026 at 17:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity High

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00028.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://gist.github.com/YLChen-007/dc46c2a710ecb9e855695f32da8bcab5
https://vuldb.com/?ctiid.353835
https://vuldb.com/?id.353835
https://vuldb.com/?submit.777618

History

Mon, 30 Mar 2026 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 27 Mar 2026 16:00:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.on_connect/ReplayServer.send_data of the file XAgentServer/application/websockets/replayer.py of the component WebSocket Endpoint. Such manipulation of the argument interaction_id leads to authorization bypass. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitability is reported as difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title		OpenBMB XAgent WebSocket Endpoint replayer.py ReplayServer.send_data authorization
First Time appeared		Openbmb Openbmb xagent
Weaknesses		CWE-285 CWE-639
CPEs		cpe:2.3:a:openbmb:xagent::::::::
Vendors & Products		Openbmb Openbmb xagent
References		https://gist.github.com/YLChen-007/dc46c2a710ecb9e855695f32da8bcab5 https://vuldb.com/?ctiid.353835 https://vuldb.com/?id.353835 https://vuldb.com/?submit.777618
Metrics		cvssV2_0 `{'score': 2.1, 'vector': 'AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 3.1, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Openbmb Xagent

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-03-27T15:31:27.729Z

Updated: 2026-03-30T12:09:48.220Z

Reserved: 2026-03-27T08:07:54.929Z

Link: CVE-2026-4958

Vulnrichment

Updated: 2026-03-30T12:09:44.080Z

NVD

Status : Awaiting Analysis

Published: 2026-03-27T16:16:24.943

Modified: 2026-03-30T13:26:29.793

Link: CVE-2026-4958

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-30T07:01:35Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object