CVE-2026-5585 - Vulnerability Details

- Tencent AI-Infra-Guard Task Detail Endpoint task_manager.go information disclosure

Description

A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected element is an unknown function of the file common/websocket/task_manager.go of the component Task Detail Endpoint. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 2026-04-05

Score: 6.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A remote attacker can exploit a flaw in Tencent AI-Infra-Guard 4.0 by manipulating an unknown function within the Task Detail Endpoint, specifically the task_manager.go module. This manipulation allows the attacker to read sensitive data that should be protected, exposing internal configurations, identifiers, or other confidential information. The weakness is classified as Information Exposure (CWE-200) coupled with Improper Access Control (CWE-284).

Affected Systems

All deployments of Tencent AI-Infra-Guard version 4.0 that expose the Task Detail Endpoint are vulnerable. The issue resides in the common/websocket/task_manager.go file and affects the endpoint that returns detailed information about tasks managed by the system. No other versions or components are listed as impacted.

Risk and Exploitability

The CVSS base score of 6.9 indicates a moderate to high risk level. The EPSS score is less than 1%, indicating a low exploitation probability, yet a public exploit exists and can be used. Attackers could trigger it remotely without local credentials, likely via HTTP(S) traffic to the unsecured Task Detail Endpoint. The vulnerability is not currently listed in the CISA KEV catalog, but public exploit availability may still lead to real‑world compromise.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Tencent

AI-Infra-Guard

affected

Version	Status	Constraints
`4.0`	affected	—

Configuration 1 [-]

cpe:2.3:a:tencent:ai-infra-guard:4.0:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Tencent

Ai-infra-guard

100%

Version	Status	Scheme	Platform
`4.0`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the vendor’s patch or upgrade to a fixed version
If a patch is not available, restrict external exposure of the Task Detail Endpoint or place it behind a firewall
Enforce strict authentication and authorization checks on the endpoint to limit access to privileged users
Monitor network and application logs for abnormal activity targeting the task_manager endpoint
Contact Tencent for additional guidance or a formal patch notification

Generated by OpenCVE AI on May 2, 2026 at 00:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://gist.github.com/YLChen-007/fe4b834144ad535d167507c2008d4011
https://vuldb.com/submit/784198
https://vuldb.com/vuln/355384
https://vuldb.com/vuln/355384/cti

History

Thu, 30 Apr 2026 21:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:tencent:ai-infra-guard:4.0:::::::*

Tue, 07 Apr 2026 00:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tencent Tencent ai-infra-guard
Vendors & Products		Tencent Tencent ai-infra-guard

Mon, 06 Apr 2026 20:00:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sun, 05 Apr 2026 18:15:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected element is an unknown function of the file common/websocket/task_manager.go of the component Task Detail Endpoint. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title		Tencent AI-Infra-Guard Task Detail Endpoint task_manager.go information disclosure
Weaknesses		CWE-200 CWE-284
References		https://gist.github.com/YLChen-007/fe4b834144ad535d167507c2008d4011 https://vuldb.com/submit/784198 https://vuldb.com/vuln/355384 https://vuldb.com/vuln/355384/cti
Metrics		cvssV2_0 `{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Tencent Ai-infra-guard

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-04-05T17:30:10.903Z

Updated: 2026-04-06T18:01:16.859Z

Reserved: 2026-04-04T21:33:44.168Z

Link: CVE-2026-5585

Vulnrichment

Updated: 2026-04-06T18:01:11.100Z

NVD

Status : Analyzed

Published: 2026-04-05T18:16:17.277

Modified: 2026-04-30T21:16:01.717

Link: CVE-2026-5585

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T00:45:30Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object