CVE-2026-12203: A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown par
Summary
A vulnerability in HKUDS AI-Trader allowed attackers to access sensitive information through the research export feature by manipulating the /api/research/agents.csv file, and this flaw could be exploited remotely without needing physical access to the system. The vulnerability affects versions up to commit 74caf996f78dcc0c657df8365c8544678a16e215, and the exploit details have been made publicly available.
Solution / Mitigation
Apply patch 91a31aac1b0f4dbc6b8bef9f6eff0b7912e0bc65. The vendor confirms the fix requires authentication (proof of identity) and the research_exports capability (a specific permission) to access research export endpoints.
Vulnerability Details
5.3(medium)
EPSS: 0.4%
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
network
low
none
none
June 14, 2026
Classification
Affected Vendors
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-12203
First tracked: June 15, 2026 at 02:08 PM
Classified by LLM (prompt v3) · confidence: 75%