High severity7.3NVD Advisory· Published May 11, 2026· Updated May 12, 2026
CVE-2026-8321
CVE-2026-8321
Description
A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. Performing a manipulation results in authentication bypass using alternate channel. The attack is possible to be carried out remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
50- The Boring Stuff is Dangerous NowDark Reading · May 18, 2026
- Microsoft Exchange, Windows 11 hacked on second day of Pwn2OwnBleepingComputer · May 15, 2026
- Living Off the Pipeline: Defending Against CI/CD SubversionSentinelOne Labs · May 15, 2026
- Akamai to acquire LayerX for $205 millionHelp Net Security · May 15, 2026
- TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source CodeSecurityWeek · May 15, 2026
- Keycard helps developers secure autonomous AI agents with scoped accessHelp Net Security · May 15, 2026
- Bring out your dead: How agentic AI for cybersecurity helps you rid your cloud of forgotten, risky assetsTenable Blog · May 14, 2026
- Enhancing Data Center Security Without Sacrificing PerformanceSecurityWeek · May 14, 2026
- HYCU aiR detects insider risk and AI activity from backupsHelp Net Security · May 14, 2026
- Akamai to Acquire AI and Browser Security Firm LayerX for $205 MillionSecurityWeek · May 14, 2026
- PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of DisclosureThe Hacker News · May 14, 2026
- Microsoft’s WinUI agent plugin trims token use by over 70% during developmentHelp Net Security · May 14, 2026
- Microsoft turns Copilot Studio into an AI agent control centerHelp Net Security · May 14, 2026
- Hackers Targeted PraisonAI Vulnerability Hours After DisclosureSecurityWeek · May 14, 2026
- To gain root access at this company, all an intruder had to do was ask nicelyThe Register Security · May 14, 2026
- To gain root access at this company, all an intruder had to do was ask nicelyThe Register Security · May 14, 2026
- Machine identities outnumber humans 109 to 1Help Net Security · May 14, 2026
- Welcome to the vulnpocalypse, as vendors use AI to find bugs and patches multiply like rabbitsThe Register Security · May 13, 2026
- AWS to Quick admins: The access control didn't work, but you weren't using it anyway, so what's the problem?The Register Security · May 13, 2026
- Bug hunter tracks down three massive MCP flaws and one vendor won't fix theirsThe Register Security · May 13, 2026
- Alleged Dream Market admin arrested in Germany after US indictmentThe Record · May 13, 2026
- Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own CodeSecurityWeek · May 13, 2026
- Sweet Security Launches Agentic AI Red Teaming to Counter ‘Mythos Moment’SecurityWeek · May 13, 2026
- Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch TuesdayThe Hacker News · May 13, 2026
- Securing data centers in the agentic AI eraTenable Blog · May 13, 2026
- LatAm Vibe Hackers Generate Custom Hacking Tools on the FlyDark Reading · May 13, 2026
- Browser Run: now running on Cloudflare Containers, it’s faster and more scalableCloudflare Blog · May 13, 2026
- 73 Seconds to Breach, 24 Hours to Patch: The Case for Autonomous ValidationBleepingComputer · May 13, 2026
- Microsoft’s agentic security system found four critical Windows RCE flawsHelp Net Security · May 13, 2026
- The hidden risk of non-human identities in AI adoptionHelp Net Security · May 13, 2026
- Fedora Hummingbird brings the container security model to a Linux host OSHelp Net Security · May 12, 2026
- Exaforce Raises $125 Million for Agentic SOC PlatformSecurityWeek · May 12, 2026
- SAP unveils Autonomous Enterprise for AI-driven business operationsHelp Net Security · May 12, 2026
- Exaforce raises $125 million to respond to AI-powered attacksHelp Net Security · May 12, 2026
- White Circle Raises $11 Million for AI Control PlatformSecurityWeek · May 12, 2026
- ThreatDown ITDR prevents credential-based attacksHelp Net Security · May 12, 2026
- Amazon Quick authorization bypass let users reach blocked AI chat agentsHelp Net Security · May 12, 2026
- Veeam Intelligent ResOps unifies data context and recoveryHelp Net Security · May 12, 2026
- How Rapid7 is bringing Cyber GRC closer to security operationsRapid7 Blog · May 12, 2026
- JetBrains TeamCity vulnerability allows privilege escalation, API exposure (CVE-2026-44413)Help Net Security · May 12, 2026
- 20 Leaders Who Built the CISO Era: 2 Decades of ChangeDark Reading · May 12, 2026
- Is the SOC Obsolete, and We Just Haven’t Admitted It Yet?SecurityWeek · May 12, 2026
- Why Agentic AI Is Security's Next Blind SpotThe Hacker News · May 12, 2026
- OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch ValidationThe Hacker News · May 12, 2026
- Tech Can't Stop These Threats — Your People CanDark Reading · May 11, 2026
- Hackers Use AI for Exploit Development, Attack AutomationDark Reading · May 11, 2026
- Alation AI Governance creates a system of record for AI oversightHelp Net Security · May 11, 2026
- SailPoint Agentic Fabric expands identity governance to autonomous AI agentsHelp Net Security · May 11, 2026
- ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and MoreThe Hacker News · May 11, 2026
- Your Purple Team Isn't Purple — It's Just Red and Blue in the Same RoomThe Hacker News · May 11, 2026