GHSA-mxjx-28vx-xjjj: Network-AI: ApprovalInbox HTTP server has no authentication — anyone can approve pending agent actions
Summary
The `ApprovalInbox` HTTP server in network-ai (version 5.11.0 and earlier) has no authentication and allows cross-origin requests (CORS, a mechanism that controls which websites can access a server). This means anyone who can reach the server—whether through the same computer, a website you visit in your browser, or a network connection—can view pending approvals and approve them without permission, bypassing the human-in-the-loop control (a safety check requiring a person to review high-risk actions before they run). This defeats protections meant to prevent the AI from executing dangerous operations like shell commands without consent.
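To make the two missing controls concrete, the following is an added illustration (not code from network-ai, whose `ApprovalInbox` implementation is not shown here) of a minimal approval-inbox HTTP server that requires a per-process bearer token on every request, answers cross-origin requests only for an explicit Origin allow-list rather than a wildcard, and binds to loopback. Route names, the `PENDING` sample data and the allowed origin are assumptions for the example.

```python
"""Minimal approval-inbox HTTP server with the controls the advisory says were
missing: a bearer token check on every request and an Origin allow-list instead
of a wildcard CORS header. Routes, data and origins are assumptions."""
import hmac
import json
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample state: pending agent actions awaiting a human decision.
PENDING = {"a1": {"action": "shell", "argv": ["ls", "-la"], "approved": False}}

# Generated once per process and handed out-of-band to the one trusted UI.
APPROVAL_TOKEN = secrets.token_urlsafe(32)
# Only the local approval UI may make cross-origin calls (assumed origin).
ALLOWED_ORIGINS = frozenset({"http://127.0.0.1:8080"})


def check_auth(headers, token=APPROVAL_TOKEN):
    """Return (status, reason). Requires 'Authorization: Bearer <token>' and
    compares in constant time; anything else is rejected with 401."""
    value = headers.get("Authorization", "") or ""
    scheme, _, presented = value.partition(" ")
    if scheme.lower() != "bearer":
        return 401, "missing or invalid bearer token"
    if not hmac.compare_digest(presented.encode(), token.encode()):
        return 401, "missing or invalid bearer token"
    return 200, "ok"


def cors_headers(origin, allowed=ALLOWED_ORIGINS):
    """The weak setting reflects '*' (any site can read responses). This returns
    Access-Control-Allow-Origin only for an allow-listed Origin, and nothing
    for an absent or unknown one, so the browser withholds the response."""
    if origin in allowed:
        return {"Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Headers": "Authorization, Content-Type",
                "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
                "Vary": "Origin"}
    return {}


def approve(pending, approval_id):
    """Mark a pending action as approved; returns (status, body)."""
    item = pending.get(approval_id)
    if item is None:
        return 404, {"error": "unknown approval id"}
    item["approved"] = True
    return 200, {"id": approval_id, "approved": True}


class ApprovalHandler(BaseHTTPRequestHandler):
    def _send(self, status, body, origin):
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        for name, value in cors_headers(origin).items():
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_OPTIONS(self):
        # Preflight: only allow-listed origins get usable CORS headers.
        origin = self.headers.get("Origin")
        self._send(200 if origin in ALLOWED_ORIGINS else 403, {}, origin)

    def do_GET(self):
        origin = self.headers.get("Origin")
        status, reason = check_auth(self.headers)
        if status != 200:
            return self._send(status, {"error": reason}, origin)
        self._send(200, {"pending": PENDING}, origin)

    def do_POST(self):
        origin = self.headers.get("Origin")
        status, reason = check_auth(self.headers)
        if status != 200:
            return self._send(status, {"error": reason}, origin)
        if not self.path.startswith("/approve/"):
            return self._send(404, {"error": "not found"}, origin)
        status, body = approve(PENDING, self.path[len("/approve/"):])
        self._send(status, body, origin)


def serve(host="127.0.0.1", port=8765):
    """Bind to loopback only; print the token once for the trusted UI to use."""
    print(f"approval token: {APPROVAL_TOKEN}")
    HTTPServer((host, port), ApprovalHandler).serve_forever()


if __name__ == "__main__":
    serve()
```

The token check runs before any route logic, so a request from another local process, a browser page, or a remote host that lacks the token gets a 401 regardless of origin; the CORS allow-list is the second layer, ensuring a script on an unrelated site cannot read an inbox listing even if a token were ever leaked into a cookie-like ambient credential.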
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://github.com/advisories/GHSA-mxjx-28vx-xjjj
First tracked: June 19, 2026 at 08:01 PM