{"data":{"id":"5ff3f369-5a75-439b-a788-1a9333c19216","title":"CVE-2026-12203: A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown par","summary":"A vulnerability in HKUDS AI-Trader allowed attackers to access sensitive information through the research export feature by manipulating the /api/research/agents.csv file, and this flaw could be exploited remotely without needing physical access to the system. The vulnerability affects versions up to commit 74caf996f78dcc0c657df8365c8544678a16e215, and the exploit details have been made publicly available.","solution":"Apply patch 91a31aac1b0f4dbc6b8bef9f6eff0b7912e0bc65. The vendor confirms the fix requires authentication (proof of identity) and the research_exports capability (a specific permission) to access research export endpoints.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-12203","publishedAt":"2026-06-15T02:16:12.100Z","cveId":"CVE-2026-12203","cweIds":["CWE-200","CWE-284"],"cvssScore":"5.3","cvssSeverity":"medium","severity":"medium","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["HKUDS AI-Trader"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0.00402,"patchAvailable":null,"disclosureDate":"2026-06-15T02:16:12.100Z","capecIds":["CAPEC-116"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}