CVE-2026-45226— Heym < 0.0.21 Authorization Bypass in Workflow Execution
Possible ATT&CK Techniques 3AI
T1136 · Create Account T1059 · Command and Scripting Interpreter T1098 · Account ManipulationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-45226
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Heym < 0.0.21 Authorization Bypass in Workflow Execution
Source: NVD (National Vulnerability Database)
Vulnerability Description
Heym before 0.0.21 contains an authorization bypass vulnerability in workflow execution that allows authenticated users to execute arbitrary workflows by referencing victim workflow UUIDs without proper access validation. Attackers can create workflows with execute nodes or agent subWorkflowIds pointing to victim workflow UUIDs to load and execute those workflows under attacker-controlled execution paths, exposing victim workflow outputs and triggering workflow nodes with unintended side effects.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
Heym 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Heym是heymrun开源的一个AI原生工作流自动化平台。 Heym 0.0.21之前版本存在安全漏洞,该漏洞源于工作流执行中存在授权绕过,可能导致经过身份验证的用户通过引用受害者工作流UUID执行任意工作流。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-45226
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
Qwen3.6-35B-A3B · 8013 chars
Paid plan includes:
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2026-45226
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-45226 (3)
- 🔗 Release v0.0.21 · heymrun/heym · GitHubrelease-notes
Vendor Advisories for CVE-2026-45226 (1)
Same Patch Batch · heymrun · 2026-05-12 · 3 CVEs total
| CVE-2026-45227 | 8.8 HIGH | Heym < 0.0.21 Sandbox Escape via Python Introspection |
| CVE-2026-45225 | 7.6 HIGH | Heym < 0.0.21 Path Traversal File Upload via upload_file() |
IV. Related Vulnerabilities
Same weakness: CWE-863
- CVE-2026-45081
Frappe HR: Permission Bypass in HRMS Leave Details API - CVE-2026-45718
Budibase: Row Action Trigger Bypasses View Row Filter Securi - CVE-2026-48152
Budibase: Basic app users can exfiltrate stored REST datasou - CVE-2026-44330
free5GC: NEF nnef-pfdmanagement API is unauthenticated; forg - CVE-2026-44838
RabbitMQ MQTT Topic Permission Authorization Bypass
V. Comments for CVE-2026-45226
No comments yet