VYPR
Vendor

Openbmb

Products
1
CVEs
6
Across products
6
Status
Private

Products

1

Recent CVEs

6
  • CVE-2026-4959HigMar 27, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts the function check_user of the file XAgentServer/application/websockets/share.py of the component ShareServer WebSocket Endpoint. Performing a manipulation of the argument interaction_id results in missing…

  • CVE-2026-3954MedMar 11, 2026
    risk 0.42cvss 6.5epss 0.00

    A weakness has been identified in OpenBMB XAgent 1.0.0. Affected by this vulnerability is the function workspace of the file XAgentServer/application/routers/workspace.py. This manipulation of the argument file_name causes path traversal. The attack may be initiated remotely.…

  • CVE-2025-6281MedJun 19, 2025
    risk 0.36cvss 5.5epss 0.00

    A vulnerability has been found in OpenBMB XAgent up to 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /conv/community. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used.

  • CVE-2026-4958LowMar 27, 2026
    risk 0.20cvss 3.1epss 0.00

    A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.on_connect/ReplayServer.send_data of the file XAgentServer/application/websockets/replayer.py of the component WebSocket Endpoint. Such manipulation of the argument interaction_id…

  • CVE-2026-4957LowMar 27, 2026
    risk 0.18cvss 2.7epss 0.00

    A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handle_tool_call of the file XAgent/function_handler.py of the component API Key Handler. This manipulation of the argument api_key causes sensitive information in log files. The…

  • CVE-2024-2007Feb 29, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in OpenBMB XAgent 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Privileged Mode. The manipulation leads to sandbox issue. The attack needs to be approached locally. The exploit has…