CVE-2026-4957

EUVD-2026-16658

27.03.2026, 15:17

A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handle_tool_call of the file XAgent/function_handler.py of the component API Key Handler. This manipulation of the argument api_key causes sensitive information in log files. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	2.7 LOW	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 16%

Affected Products (NVD)

Vendor	Product	Version
openbmb	xagent	1.0.0

𝑥

= Vulnerable software versions

Known Exploits!

https://gist.github.com/YLChen-007/6279f3de0c2dff7732eaaf820843b562

Common Weakness Enumeration

References

https://gist.github.com/YLChen-007/6279f3de0c2dff7732eaaf820843b562

https://vuldb.com/?ctiid.353834

https://vuldb.com/?id.353834

https://vuldb.com/?submit.777615