GHSA-ppfx-73j5-fhxc: Skill-scanner Unsecured Network Binding Vulnerability
Summary
Skill-scanner versions 1.0.1 and earlier have a vulnerability in their API Server (a network interface that lets external programs communicate with the software) where the server is incorrectly exposed to multiple network interfaces without proper authentication. An attacker could send requests to this server to cause a denial of service attack (making it unavailable by exhausting its resources) or upload files to unintended locations on the device.
Solution / Mitigation
Update to Skill-scanner version 1.0.2 or later, which contains the fix for this vulnerability.
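To confirm whether a host is exposed in the way the summary describes, the following added example (not code from the advisory or from the Skill-scanner project) parses `ss -H -ltnp` output and reports listeners of a given process that are bound to anything other than loopback. The process name `skill-scanner`, the PIDs, ports and addresses in the sample are constructed assumptions; the advisory names no port or process.

```python
import ipaddress
import re

# Constructed sample of `ss -H -ltnp` output. The process name, PIDs, ports and
# addresses are assumptions for illustration; the advisory lists none of them.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 127.0.0.1:8000 0.0.0.0:* users:(("skill-scanner",pid=4121,fd=6))
LISTEN 0 128 0.0.0.0:8001 0.0.0.0:* users:(("skill-scanner",pid=4188,fd=6))
LISTEN 0 128 [::]:8002 [::]:* users:(("skill-scanner",pid=4190,fd=7))
LISTEN 0 128 *:8003 *:* users:(("skill-scanner",pid=4201,fd=7))
LISTEN 0 128 [::1]:8004 [::]:* users:(("skill-scanner",pid=4210,fd=7))
LISTEN 0 128 192.0.2.10%eth0:8005 0.0.0.0:* users:(("skill-scanner",pid=4222,fd=7))
LISTEN 0 128 [::ffff:127.0.0.1]:8006 *:* users:(("skill-scanner",pid=4230,fd=7))
LISTEN 0 4096 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))
"""

PROC_RE = re.compile(r'users:\(\("([^"]+)",pid=(\d+)')


def split_host_port(local):
    """Split ss's 'addr:port' column, dropping IPv6 brackets and %iface scope."""
    host, _, port = local.rpartition(":")
    return host.strip("[]").split("%", 1)[0], int(port)


def is_loopback_only(host):
    """True only when the bind address is reachable from the local host alone."""
    if host == "*":  # dual-stack wildcard as printed by ss
        return False
    ip = ipaddress.ip_address(host)
    mapped = getattr(ip, "ipv4_mapped", None)  # set for ::ffff:a.b.c.d
    return (mapped if mapped is not None else ip).is_loopback


def find_exposed_listeners(ss_output, process_name):
    """Return (pid, host, port) for each non-loopback listener of process_name."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        match = PROC_RE.search(line)
        if len(fields) < 5 or fields[0] != "LISTEN" or not match:
            continue
        if match.group(1) != process_name:
            continue
        host, port = split_host_port(fields[3])
        if not is_loopback_only(host):
            findings.append((int(match.group(2)), host, port))
    return findings
```

On a real host, pass the captured output of `ss -H -ltnp` (run with enough privilege to see process names) in place of the sample.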
Vulnerability Details
EPSS: 0.1%
Original source: https://github.com/advisories/GHSA-ppfx-73j5-fhxc
First tracked: February 17, 2026 at 02:12 PM