{"data":{"id":"cc69fec2-7d19-47dd-9fae-792748da6a4e","title":"CVE-2025-59956: AgentAPI is an HTTP API for Claude Code, Goose, Aider, Gemini, Amp, and Codex. Versions 0.3.3 and below are susceptible ","summary":"AgentAPI (an HTTP interface for various AI coding assistants) versions 0.3.3 and below are vulnerable to a DNS rebinding attack (where a malicious website re-points its own domain name at your local machine, so that your browser lets the site's scripts talk to a service running locally), allowing unauthorized access to the /messages endpoint. This vulnerability can expose sensitive data stored locally, including API keys, file contents, and code the user was developing.","solution":"This issue is fixed in version 0.4.0.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-59956","publishedAt":"2025-09-30T11:37:41.743Z","cveId":"CVE-2025-59956","cweIds":["CWE-350","CWE-290"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Anthropic","Google"],"affectedVendorsRaw":["Claude Code","Goose","Aider","Gemini","Amp","Codex","AgentAPI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00062,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}