{"data":{"id":"4aa802fe-283e-4c43-b2c6-bd1c9a54d8f0","title":"GHSA-mxjx-28vx-xjjj: Network-AI: ApprovalInbox HTTP server has no authentication — anyone can approve pending agent actions ","summary":"The `ApprovalInbox` HTTP server in network-ai (version 5.11.0 and earlier) has no authentication and allows cross-origin requests (CORS, a mechanism that controls which websites can access a server). This means anyone who can reach the server—whether through the same computer, a website you visit in your browser, or a network connection—can view pending approvals and approve them without permission, bypassing the human-in-the-loop control (a safety check requiring a person to review high-risk actions before they run). This defeats protections meant to prevent the AI from executing dangerous operations like shell commands without consent.","solution":"N/A -- no mitigation discussed in source.","labels":["security","safety"],"sourceUrl":"https://github.com/advisories/GHSA-mxjx-28vx-xjjj","publishedAt":"2026-06-19T21:42:32.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":["network-ai@>= 5.0.0, <= 5.12.1 (fixed: 5.12.2)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["network-ai"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":true,"disclosureDate":"2026-06-19T21:42:32.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","safety"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}