{"data":{"id":"a87311f9-32b7-4e79-997b-46ca3fed6bfd","title":"CVE-2026-42572: Hatchet is a platform for orchestrating background tasks, AI agents, and durable workflows at scale. Prior to 0.83.39, a","summary":"Hatchet is a platform for managing background tasks (work done separately from main application logic), AI agents, and workflows at scale. Before version 0.83.39, a missing authorization check on one API endpoint (GET /api/v1/stable/dags/tasks) allowed any authenticated user to view task details from other organizations (tenants) on the same Hatchet instance by providing another tenant's identifier.","solution":"Update Hatchet to version 0.83.39 or later, where this vulnerability is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-42572","publishedAt":"2026-05-14T18:16:47.943Z","cveId":"CVE-2026-42572","cweIds":["CWE-639","CWE-863"],"cvssScore":"5.3","cvssSeverity":"medium","severity":"medium","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Hatchet"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"network","attackComplexity":"high","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-14T18:16:47.943Z","capecIds":["CAPEC-122"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}