Browse all 6 CVE security advisories affecting OpenBMB. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4959 | OpenBMB XAgent ShareServer WebSocket Endpoint share.py check_user missing authentication — XAgent, CWE-306 | 7.3 | High | 2026-03-27 |
| CVE-2026-4958 | OpenBMB XAgent WebSocket Endpoint replayer.py ReplayServer.send_data authorization — XAgent, CWE-639 | 3.1 | Low | 2026-03-27 |
| CVE-2026-4957 | OpenBMB XAgent API Key function_handler.py FunctionHandler.handle_tool_call log file — XAgent, CWE-532 | 2.7 | Low | 2026-03-27 |
| CVE-2026-3954 | OpenBMB XAgent workspace.py workspace path traversal — XAgent, CWE-22 | 6.5 | Medium | 2026-03-11 |
| CVE-2025-6281 | OpenBMB XAgent community path traversal — XAgent, CWE-22 | 5.5 | Medium | 2025-06-19 |
| CVE-2024-2007 | OpenBMB XAgent Privileged Mode sandbox — XAgent, CWE-265 | 5.3 | Medium | 2024-02-29 |
This page lists every published CVE security advisory associated with OpenBMB. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.