CVE-2026-46416
Description
Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO creates one shared UFOWebSocketHandler instance and reuses it for multiple authenticated WebSocket connections. The handler stores per-connection protocol objects in mutable instance fields. Each new WebSocket connection overwrites those fields. Later, message handlers send responses through the shared fields instead of through protocol objects bound to the originating connection. As a result, the most recently connected authenticated client can receive protocol responses that belong to another authenticated client.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Microsoft UFO 3.0.1-4-ge2626659 shares a single WebSocket handler instance across authenticated connections, causing per-connection state overwrites and cross-client response hijacking.
Vulnerability
Microsoft UFO versions 3.0.1-4-ge2626659 and earlier create a single UFOWebSocketHandler instance that is reused for all authenticated WebSocket connections [1]. The handler stores per-connection protocol objects (e.g., self.transport, self.registration_protocol, self.heartbeat_protocol, self.device_info_protocol, self.task_protocol) in mutable instance fields. Each new connection overwrites these fields, so the last connected client's protocol objects become the active ones for the entire handler [1].
Exploitation
An attacker must have valid authentication to establish a WebSocket connection to the /ws endpoint. By connecting after a victim client, the attacker's protocol objects overwrite the shared fields. Subsequent message handlers then send responses through the attacker's protocol objects instead of the victim's, causing the attacker to receive protocol responses intended for the victim [1]. No additional user interaction or race condition is required beyond the order of connections.
Impact
An attacker who successfully exploits this flaw can receive protocol responses belonging to another authenticated client, including device_info_response (containing system information of the victim's device) and task acknowledgments [1]. This constitutes an authenticated cross-client WebSocket response hijack / session confusion, leading to information disclosure of sensitive device and task data.
Mitigation
As of the advisory publication date, no official patch has been released for this vulnerability [1]. Users should monitor the Microsoft UFO repository for updates and apply any fix that addresses the shared handler state. No workaround is available; the architecture requires redesigning the handler to use per-connection protocol objects.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0
No patches discovered yet.
Vulnerability mechanics
Root cause
"A single shared UFOWebSocketHandler instance stores per-connection protocol objects in mutable instance fields that are overwritten by each new WebSocket connection."
Attack vector
An authenticated client holding a valid shared WebSocket server token connects to the UFO `/ws` endpoint, which reuses a single `UFOWebSocketHandler` instance. When a second or third authenticated client connects, their per-connection protocol objects overwrite the shared handler's instance fields (`self.transport`, `self.heartbeat_protocol`, `self.device_info_protocol`, `self.task_protocol`). Subsequent message handling dispatches responses (e.g., `device_info_response`, task acknowledgments, heartbeat acknowledgments) through whichever protocol object is currently stored — meaning the most recently connected client receives responses intended for a different client [ref_id=1].
Affected code
The shared `UFOWebSocketHandler` instance is created once and reused for all `/ws` connections. Per-connection protocol objects (`self.transport`, `self.heartbeat_protocol`, `self.device_info_protocol`, `self.task_protocol`) are stored as mutable instance fields on this shared handler. Each new WebSocket connection overwrites these fields, and message handlers later send responses through the shared fields rather than through connection-bound protocol objects [ref_id=1].
What the fix does
The advisory does not include a published patch. The recommended remediation is to restructure `UFOWebSocketHandler` so that per-connection protocol objects are bound to each individual WebSocket connection rather than stored as mutable instance fields on a shared handler instance. Each connection should maintain its own `transport`, `heartbeat_protocol`, `device_info_protocol`, and `task_protocol` objects, and message handlers must dispatch responses through the protocol objects associated with the originating connection [ref_id=1].
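The following self-contained Python simulation is an added illustration and is not Microsoft UFO code; every class and method name in it (FakeTransport, DeviceInfoProtocol, SharedStateHandler, ConnectionBoundHandler, ConnectionContext) is hypothetical. It models only the defect shape the advisory describes, a handler reused across connections that keeps the connection's protocol object in a mutable instance field, and places it beside the recommended per-connection design so the misrouting can be checked directly.

```python
"""Shared-handler state confusion: the vulnerable shape beside the fix.

Added illustration, not Microsoft UFO code. All names are hypothetical;
only the defect shape from the advisory is modelled: one handler instance
reused across WebSocket connections that stores a per-connection protocol
object in a mutable instance field.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class FakeTransport:
    """Stand-in for one WebSocket connection; records what it is sent."""
    client_id: str
    sent: List[str] = field(default_factory=list)

    def send(self, message: str) -> None:
        self.sent.append(message)


@dataclass
class DeviceInfoProtocol:
    """Per-connection protocol object that answers through its own transport."""
    transport: FakeTransport

    def send_response(self, requester_id: str) -> None:
        self.transport.send(f"device_info_response for {requester_id}")


class SharedStateHandler:
    """Vulnerable shape: one instance for every connection, state kept on self."""

    def __init__(self) -> None:
        self.device_info_protocol: Optional[DeviceInfoProtocol] = None

    def on_connect(self, transport: FakeTransport) -> FakeTransport:
        # Every new connection overwrites the field for all earlier ones.
        self.device_info_protocol = DeviceInfoProtocol(transport)
        return transport

    def on_device_info_request(self, conn: FakeTransport) -> None:
        # Bug: replies through whichever protocol object was stored last,
        # not the one bound to the requesting connection.
        self.device_info_protocol.send_response(conn.client_id)


@dataclass
class ConnectionContext:
    """Everything that belongs to exactly one connection lives here."""
    transport: FakeTransport
    device_info_protocol: DeviceInfoProtocol


class ConnectionBoundHandler:
    """Hardened shape: the handler itself holds no per-connection fields."""

    def on_connect(self, transport: FakeTransport) -> ConnectionContext:
        return ConnectionContext(transport, DeviceInfoProtocol(transport))

    def on_device_info_request(self, conn: ConnectionContext) -> None:
        # Dispatch through the protocol object bound to the originating connection.
        conn.device_info_protocol.send_response(conn.transport.client_id)


def run_scenario(handler) -> Dict[str, List[str]]:
    """Constructed scenario: a victim connects, then an observer connects;
    only the victim requests device info. Returns what each one received."""
    victim_t = FakeTransport("victim")
    observer_t = FakeTransport("observer")
    victim = handler.on_connect(victim_t)      # connects first
    handler.on_connect(observer_t)             # connects later
    handler.on_device_info_request(victim)     # the victim sends the request
    return {"victim": victim_t.sent, "observer": observer_t.sent}


def responses_misrouted(handler) -> bool:
    """True if a response to the victim's request reached the observer."""
    received = run_scenario(handler)
    return any("victim" in m for m in received["observer"])


if __name__ == "__main__":
    for handler in (SharedStateHandler(), ConnectionBoundHandler()):
        print(type(handler).__name__, run_scenario(handler))
```

With the shared-state shape, the victim's device_info_response lands on the observer's transport and the victim receives nothing; with the connection-bound shape the response returns to the requesting connection and the observer sees nothing. The same scenario function doubles as a regression check for any handler refactor: a handler is only acceptable when responses_misrouted returns False.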
Preconditions
- auth: Attacker must possess a valid shared UFO WebSocket server token (authenticated access)
- network: Attacker must be able to establish a WebSocket connection to the UFO /ws endpoint after another client has connected
- config: The UFO server must be running a version at commit e2626659 or earlier with the shared handler pattern
Reproduction
The advisory includes a full PoC script. To reproduce: clone the UFO repository at commit `e2626659`, save the PoC as `/tmp/ufo_shared_handler_poc.py`, set `UFO_REPO_ROOT=/tmp/UFO`, and run `python -B /tmp/ufo_shared_handler_poc.py`. The script demonstrates two effects: (1) a device-info response requested by one client is delivered to a later-connected observer client, and (2) a task acknowledgment for one device client is delivered to a different later-connected client [ref_id=1].
Generated on May 27, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References: 1
News mentions: 0
No linked articles in our index yet.