VYPR
High severity 8.8 · NVD Advisory · Published May 27, 2026

CVE-2026-46414


Description

Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK message claiming client_type="constellation" and target_id=. The server trusts the role and target values from the wire message rather than enforcing the role registered for that WebSocket connection. As a result, any authenticated WebSocket client with the shared server token can spoof the higher-privilege constellation role and dispatch attacker-controlled tasks to another connected device. The same client registry also allows duplicate client_id registration, overwriting an existing live client's stored websocket, role, and task protocol. This is an authenticated WebSocket role/identity spoofing issue leading to peer task hijacking.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Microsoft UFO's WebSocket control plane in 3.0.1-4-ge2626659 trusts client-supplied role and identity fields, allowing an authenticated client to spoof the constellation role and hijack tasks to any connected device.

Vulnerability

Microsoft UFO versions up to and including commit 3.0.1-4-ge2626659 contain an authenticated WebSocket role/identity spoofing vulnerability. The server's WebSocket control plane accepts client-provided client_type and client_id during registration (in client_manager.add_client) and later trusts those same fields from incoming TASK messages, rather than enforcing the role or identity associated with the original WebSocket connection. This allows any client authenticated with the shared server token to impersonate a higher-privileged constellation role. Additionally, the client registry permits duplicate client_id registration, which can overwrite an existing live client's stored WebSocket, role, and task protocol state [1].

Exploitation

An attacker needs a valid WebSocket connection authenticated with the shared server token (i.e., an authenticated client). The attacker first registers as a normal device using the standard registration flow. Then, the attacker sends a TASK message with client_type set to "constellation" and target_id set to the victim device's ID. The server processes the message using only the wire-supplied values, bypassing the role originally registered for that connection. Alternatively, the attacker can register with the same client_id as the victim, overwriting the victim's stored state and allowing direct task injection [1].

Impact

A successful attack results in the ability to dispatch attacker-controlled tasks to any other connected device as if the attacker were a privileged "constellation" node. This can lead to task hijacking, arbitrary task execution on victim devices, and potential disclosure or manipulation of data handled by those tasks, depending on the task's capabilities. The attacker gains unauthorized control over peer devices at the privilege level of the constellation role [1].

Mitigation

As of the available references, no patched version has been released for this vulnerability. The vendor (Microsoft) has been notified via the GitHub Security Advisory (GHSA-qgx6-cvhg-jw7p). Users should monitor the repository for an update that enforces server-side role and identity binding. In the interim, it may be possible to restrict access to the WebSocket endpoint using network controls or to rotate the shared server token if compromise is suspected. At the time of writing, this CVE is not listed in the CISA Known Exploited Vulnerabilities (KEV) Catalog [1].

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products (2)

  • Microsoft/Ufo (inferred), 2 versions: <=3.0.1-4-ge2626659 and 1 more
    • (no CPE) range: <=3.0.1-4-ge2626659
    • (no CPE) range: =3.0.1-4-ge2626659

Patches (0)

No patches discovered yet.

Vulnerability mechanics

Root cause

"The server trusts client-supplied `client_type` and `client_id` fields in WebSocket messages instead of enforcing the role registered for that connection."

Attack vector

An authenticated WebSocket client possessing the shared server token connects and registers as a normal device, supplying a self-claimed `client_id` and `client_type` [ref_id=1]. The attacker then sends a TASK message with `client_type="constellation"` and `target_id=

Affected code

The registration handler in `ufo/server/ws/handler.py` reads `client_type` and `client_id` directly from client-supplied registration data without server-side binding [ref_id=1]. The task dispatch path in the same file trusts the wire-message fields `data.client_type` and `data.client_id` rather than comparing them against the registered connection state [ref_id=1]. The `add_client()` method in `ufo/server/services/client_connection_manager.py` writes into `self.online_clients[client_id]` without any uniqueness check, allowing duplicate registration to overwrite an existing live client [ref_id=1].

What the fix does

No patch is included in the bundle. The advisory [ref_id=1] identifies the root cause as the server trusting client-supplied `client_type` and `client_id` fields in both registration and task messages without verifying them against the connection's registered role. The advisory recommends that the server bind the connection to a server-issued identity or role at registration time and enforce that role for all subsequent messages, rejecting any TASK message whose `client_type` does not match the registered connection's role. Additionally, the advisory notes that the `add_client()` method should enforce uniqueness checks or require reconnect tokens to prevent duplicate `client_id` registration from overwriting an existing live client [ref_id=1].
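As an added example, not UFO's code and not part of the advisory, the following Python sketch shows one way to implement the binding described above: a registry that fixes the role from server-side policy at registration, issues a reconnect token so a duplicate `client_id` can only be reclaimed by its holder, and checks every TASK message against the stored connection state rather than the wire fields. The class and method names, the message shapes and the token-to-role table are assumptions for illustration.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Connection:
    """Server-side state bound to one WebSocket when it registers."""
    conn_id: str          # server-issued per socket; never read from the wire
    client_id: str
    role: str             # fixed at registration; later messages cannot change it
    platform: str
    reconnect_token: str  # issued to the client; required to re-register this client_id


class RegistryError(Exception):
    """Raised when a message disagrees with the connection's bound state."""


# Constructed server-side policy (assumption for this example): which role a
# credential may register as. The decision is made here, not from client_type.
TOKEN_ROLES = {
    "tok-device-shared": "device",
    "tok-constellation": "constellation",
}


class ClientRegistry:
    """Hypothetical registry: identity and role are bound server-side, once."""

    def __init__(self):
        self.by_conn = {}    # conn_id -> Connection
        self.by_client = {}  # client_id -> conn_id, live clients only

    def register(self, conn_id, token, msg):
        """Bind a role to this socket from policy; reject a mismatching claim."""
        role = TOKEN_ROLES.get(token)
        if role is None:
            raise RegistryError("unknown token")
        if msg.get("client_type", role) != role:
            raise RegistryError("claimed client_type does not match credential")
        client_id = msg["client_id"]
        live_conn = self.by_client.get(client_id)
        if live_conn is not None:
            # Duplicate client_id: only the holder of the reconnect token may
            # replace the live mapping, so a stranger cannot overwrite it.
            prior = self.by_conn[live_conn]
            presented = msg.get("reconnect_token", "")
            if not secrets.compare_digest(presented, prior.reconnect_token):
                raise RegistryError("client_id already live")
            del self.by_conn[live_conn]
        conn = Connection(conn_id, client_id, role,
                          msg.get("platform", "unknown"), secrets.token_hex(16))
        self.by_conn[conn_id] = conn
        self.by_client[client_id] = conn_id
        return conn

    def unregister(self, conn_id):
        """Drop a socket and, if it still owns its client_id, free that id."""
        conn = self.by_conn.pop(conn_id, None)
        if conn is not None and self.by_client.get(conn.client_id) == conn_id:
            del self.by_client[conn.client_id]

    def dispatch_task(self, conn_id, msg):
        """Authorize a TASK message against the sender's bound state and return the target."""
        sender = self.by_conn.get(conn_id)
        if sender is None:
            raise RegistryError("unregistered socket")
        # Wire-supplied identity and role must equal what was bound at registration.
        if msg.get("client_id") != sender.client_id or msg.get("client_type") != sender.role:
            raise RegistryError("wire identity does not match bound connection")
        if sender.role != "constellation":
            raise RegistryError("role may not dispatch tasks")
        target_conn = self.by_client.get(msg.get("target_id"))
        if target_conn is None:
            raise RegistryError("unknown target")
        target = self.by_conn[target_conn]
        if target.role != "device":
            raise RegistryError("target is not a device")
        return target


def rejected(action):
    """True when the registry refuses the zero-argument action with RegistryError."""
    try:
        action()
    except RegistryError:
        return True
    return False


if __name__ == "__main__":
    reg = ClientRegistry()
    dev = reg.register("ws1", "tok-device-shared", {"client_id": "victim-device", "platform": "windows"})
    reg.register("ws2", "tok-device-shared", {"client_id": "device-b"})
    reg.register("ws3", "tok-constellation", {"client_id": "ctrl-1", "client_type": "constellation"})
    spoof = {"client_id": "device-b", "client_type": "constellation", "target_id": "victim-device"}
    print("device socket claiming constellation rejected:", rejected(lambda: reg.dispatch_task("ws2", spoof)))
    print("duplicate client_id without token rejected:",
          rejected(lambda: reg.register("ws4", "tok-device-shared", {"client_id": "victim-device"})))
    reg.register("ws4", "tok-device-shared", {"client_id": "victim-device", "reconnect_token": dev.reconnect_token})
    print("victim-device now served by:", reg.by_client["victim-device"])
```

The key difference from the pattern the advisory describes is that `client_type` and `client_id` on a TASK message are only ever compared against the `Connection` the server created, never used to select a role or identity; and `add_client`-style registration refuses to overwrite a live `client_id` unless the caller proves it issued the original session.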

Preconditions

  • auth: Attacker must possess a valid shared UFO WebSocket server token for authentication
  • network: Attacker must be able to establish a WebSocket connection to the UFO server
  • config: At least one victim device must be registered and connected to the same UFO server

Reproduction

The bundle includes a full PoC script [ref_id=1]. Clone the UFO repository at commit `e2626659`, save the PoC as `/tmp/ufo_ws_role_spoof_poc.py`, set `UFO_REPO_ROOT` to the checkout path, and run `python -B /tmp/ufo_ws_role_spoof_poc.py`. The script registers two normal device clients, then sends a forged TASK message with `client_type="constellation"` and `target_id="victim-device"`, demonstrating that the victim's task protocol and platform are selected. It also demonstrates duplicate `client_id` registration overwriting the prior client mapping [ref_id=1].

Generated on May 27, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References (1)

News mentions (0)

No linked articles in our index yet.