{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/inkeep/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-8321"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["agents"],"_cs_severities":["high"],"_cs_tags":["cve-2026-8321","authentication bypass","inkeep"],"_cs_type":"advisory","_cs_vendors":["inkeep"],"content_html":"\u003cp\u003eA critical authentication bypass vulnerability, identified as CVE-2026-8321, has been discovered in Inkeep Agents version 0.58.14. The flaw exists within the \u003ccode\u003ecreateDevContext\u003c/code\u003e function located in the \u003ccode\u003eagents-api/src/middleware/runAuth.ts\u003c/code\u003e file, which is part of the \u003ccode\u003erunAuth\u003c/code\u003e Middleware component. This vulnerability enables attackers to bypass authentication by manipulating requests to use an alternate channel. The vulnerability can be exploited remotely without requiring any prior authentication. Public exploits are available, increasing the risk of exploitation. The vendor has been notified but has not yet responded.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies an Inkeep Agents instance running version 0.58.14.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request targeting the \u003ccode\u003ecreateDevContext\u003c/code\u003e function within the \u003ccode\u003eagents-api/src/middleware/runAuth.ts\u003c/code\u003e file.\u003c/li\u003e\n\u003cli\u003eThe crafted request manipulates parameters to exploit the authentication bypass vulnerability.\u003c/li\u003e\n\u003cli\u003eThe vulnerable \u003ccode\u003ecreateDevContext\u003c/code\u003e function improperly validates or skips authentication checks based on the manipulated parameters.\u003c/li\u003e\n\u003cli\u003eThe system grants the attacker unauthorized access to protected resources or functionalities.\u003c/li\u003e\n\u003cli\u003eThe attacker performs privileged actions, such as accessing sensitive data or modifying system configurations, due to the bypassed authentication.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-8321 allows unauthenticated remote attackers to bypass authentication mechanisms in Inkeep Agents 0.58.14. This can lead to unauthorized access to sensitive information, modification of system configurations, or execution of privileged operations. The vulnerability is remotely exploitable and has a public exploit, increasing the likelihood of widespread attacks.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests targeting the \u003ccode\u003ecreateDevContext\u003c/code\u003e function in \u003ccode\u003eagents-api/src/middleware/runAuth.ts\u003c/code\u003e (See Sigma rule \u003ccode\u003eDetect CVE-2026-8321 Exploitation — Inkeep Agents Authentication Bypass\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eApply any available patches or updates released by Inkeep to address CVE-2026-8321.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-11T20:26:45Z","date_published":"2026-05-11T20:26:45Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-8321-inkeep-auth-bypass/","summary":"CVE-2026-8321 is an authentication bypass vulnerability in the createDevContext function of Inkeep Agents 0.58.14, allowing remote attackers to bypass authentication via alternate channels.","title":"Inkeep Agents Authentication Bypass Vulnerability (CVE-2026-8321)","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-8321-inkeep-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Inkeep","version":"https://jsonfeed.org/version/1.1"}