Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-46414

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-27 May, 2026 | 21:54
Updated At-27 May, 2026 | 21:54
Rejected At-
Credits

Microsoft UFO WebSocket role spoofing allows authenticated peer task hijacking

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK message claiming client_type="constellation" and target_id=<victim-device-id>. The server trusts the role and target values from the wire message rather than enforcing the role registered for that WebSocket connection. As a result, any authenticated WebSocket client with the shared server token can spoof the higher-privilege constellation role and dispatch attacker-controlled tasks to another connected device. The same client registry also allows duplicate client_id registration, overwriting an existing live client's stored websocket, role, and task protocol. This is an authenticated WebSocket role/identity spoofing issue leading to peer task hijacking.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:27 May, 2026 | 21:54
Updated At:27 May, 2026 | 21:54
Rejected At:
▼CVE Numbering Authority (CNA)
Microsoft UFO WebSocket role spoofing allows authenticated peer task hijacking

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK message claiming client_type="constellation" and target_id=<victim-device-id>. The server trusts the role and target values from the wire message rather than enforcing the role registered for that WebSocket connection. As a result, any authenticated WebSocket client with the shared server token can spoof the higher-privilege constellation role and dispatch attacker-controlled tasks to another connected device. The same client registry also allows duplicate client_id registration, overwriting an existing live client's stored websocket, role, and task protocol. This is an authenticated WebSocket role/identity spoofing issue leading to peer task hijacking.

Affected Products
Vendor
Microsoft Corporationmicrosoft
Product
UFO
Versions
Affected
  • 3.0.1-4-ge2626659
Problem Types
TypeCWE IDDescription
CWECWE-290CWE-290: Authentication Bypass by Spoofing
CWECWE-639CWE-639: Authorization Bypass Through User-Controlled Key
CWECWE-862CWE-862: Missing Authorization
Type: CWE
CWE ID: CWE-290
Description: CWE-290: Authentication Bypass by Spoofing
Type: CWE
CWE ID: CWE-639
Description: CWE-639: Authorization Bypass Through User-Controlled Key
Type: CWE
CWE ID: CWE-862
Description: CWE-862: Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/microsoft/UFO/security/advisories/GHSA-qgx6-cvhg-jw7p
x_refsource_CONFIRM
Hyperlink: https://github.com/microsoft/UFO/security/advisories/GHSA-qgx6-cvhg-jw7p
Resource:
x_refsource_CONFIRM
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:27 May, 2026 | 23:16
Updated At:28 May, 2026 | 18:56

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK message claiming client_type="constellation" and target_id=<victim-device-id>. The server trusts the role and target values from the wire message rather than enforcing the role registered for that WebSocket connection. As a result, any authenticated WebSocket client with the shared server token can spoof the higher-privilege constellation role and dispatch attacker-controlled tasks to another connected device. The same client registry also allows duplicate client_id registration, overwriting an existing live client's stored websocket, role, and task protocol. This is an authenticated WebSocket role/identity spoofing issue leading to peer task hijacking.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-290Primarysecurity-advisories@github.com
CWE-639Primarysecurity-advisories@github.com
CWE-862Primarysecurity-advisories@github.com
CWE ID: CWE-290
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-639
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-862
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/microsoft/UFO/security/advisories/GHSA-qgx6-cvhg-jw7psecurity-advisories@github.com
N/A
Hyperlink: https://github.com/microsoft/UFO/security/advisories/GHSA-qgx6-cvhg-jw7p
Source: security-advisories@github.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1216Records found
CVE-2018-2484
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-8.8||HIGH
EPSS-0.41% / 61.90%
||
7 Day CHG~0.00%
Published-08 Jan, 2019 | 20:00
Updated-05 Aug, 2024 | 04:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Action-Not Available
Vendor-SAP SE
Product-sapscores4coreea-finservbank\/cfmSAP Enterprise Financial Services (S4CORE)SAP Enterprise Financial Services (EA-FINSERV)SAP Enterprise Financial Services (SAPSCORE)SAP Enterprise Financial Services (Bank/CFM)
CWE ID-CWE-862
Missing Authorization
CVE-2023-41695
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-3.5||LOW
EPSS-0.44% / 63.48%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:24
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Analytify plugin <= 5.1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Adnan Analytify wp-analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through <= 5.1.0.

Action-Not Available
Vendor-analytifyAdnan
Product-analytify_-_google_analytics_dashboardAnalytify
CWE ID-CWE-862
Missing Authorization
CVE-2023-39312
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.1||CRITICAL
EPSS-0.44% / 63.42%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 14:23
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Avada theme <= 7.11.1 - Auth. Unrestricted Zip Extraction vulnerability

Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.

Action-Not Available
Vendor-Avada (ThemeFusion)
Product-avadaAvadaavada
CWE ID-CWE-862
Missing Authorization
CVE-2025-7695
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.33% / 56.32%
||
7 Day CHG~0.00%
Published-24 Jul, 2025 | 09:22
Updated-25 Jul, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dataverse Integration 2.77 - 2.81 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via reset_password_link REST Route

The Dataverse Integration plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within its reset_password_link REST endpoint in versions 2.77 through 2.81. The endpoint’s handler accepts a client-supplied id, email, or login, looks up that user, and calls get_password_reset_key() unconditionally. Because it only checks that the caller is authenticated, and not that they own or may edit the target account, any authenticated attacker, with Subscriber-level access and above, can obtain a password reset link for an administrator and hijack that account.

Action-Not Available
Vendor-alexacrm
Product-Dataverse Integration
CWE ID-CWE-862
Missing Authorization
CVE-2023-39544
Matching Score-4
Assigner-NEC Corporation
ShareView Details
Matching Score-4
Assigner-NEC Corporation
CVSS Score-8.8||HIGH
EPSS-0.07% / 21.45%
||
7 Day CHG~0.00%
Published-17 Nov, 2023 | 05:28
Updated-29 Aug, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.

Action-Not Available
Vendor-NEC Corporation
Product-expresscluster_x_singleserversafeexpresscluster_xCLUSTERPRO X(EXPRESSCLUSTER X)CLUSTERPRO X SingleServerSafe (EXPRESSCLUSTER X SingleServerSafe)
CWE ID-CWE-862
Missing Authorization
CVE-2023-39922
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.59%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 12:17
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Avada theme <= 7.11.1 - Authenticated Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.

Action-Not Available
Vendor-Avada (ThemeFusion)
Product-avadaAvada
CWE ID-CWE-862
Missing Authorization
CVE-2023-39990
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 44.04%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 12:08
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Paid Memberships Pro plugin <= 1.2.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 1.2.3.

Action-Not Available
Vendor-strangerstudiosPaid Memberships Pro
Product-paid_memberships_proPaid Memberships Pro
CWE ID-CWE-862
Missing Authorization
CVE-2023-38102
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.35% / 57.50%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:59
Updated-06 Feb, 2025 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escalation Vulnerability

NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the createUser function. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-19726.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-prosafe_network_management_systemProSAFE Network Management Systemprosafe_network_management_system
CWE ID-CWE-862
Missing Authorization
CVE-2023-38475
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 52.59%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:23
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Donations Made Easy – Smart Donations plugin <= 4.0.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in RedNao Donations Made Easy – Smart Donations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12.

Action-Not Available
Vendor-rednaoRedNao
Product-donations_made_easy_-_smart_donationsDonations Made Easy – Smart Donations
CWE ID-CWE-862
Missing Authorization
CVE-2023-38385
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.3||HIGH
EPSS-0.81% / 74.57%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:23
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Jupiter X Core plugin <= 3.3.0 - Multiple Auth. Broken Access Control vulnerability

Missing Authorization vulnerability in Artbees JupiterX Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JupiterX Core: from 3.0.0 through 3.3.0.

Action-Not Available
Vendor-artbeesArtbees
Product-jupiter_x_coreJupiterX Core
CWE ID-CWE-862
Missing Authorization
CVE-2023-3714
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.25%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 02:39
Updated-08 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ProfileGrid <= 5.5.2 - Missing Authorization to Arbitrary Group Option Modification and Privilege Escalation

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'edit_group' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update group options, including the 'associate_role' parameter, which defines the member's role. This issue was partially patched in version 5.5.2 preventing privilege escalation, however, it was fully patched in 5.5.3.

Action-Not Available
Vendor-Metagauss Inc.
Product-profilegridProfileGrid – User Profiles, Groups and Communities
CWE ID-CWE-862
Missing Authorization
CVE-2023-3713
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.88%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 02:39
Updated-08 Apr, 2026 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ProfileGrid <= 5.5.1 - Authenticated (Subscriber+) Arbitrary Option Update

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profile_magic_check_smtp_connection' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily. This can be used by attackers to achieve privilege escalation.

Action-Not Available
Vendor-Metagauss Inc.
Product-profilegridProfileGrid – User Profiles, Groups and Communities
CWE ID-CWE-862
Missing Authorization
CVE-2023-37886
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 24.79%
||
7 Day CHG~0.00%
Published-25 Mar, 2024 | 04:29
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RealHomes theme <= 4.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in InspiryThemes RealHomes.This issue affects RealHomes: from n/a through 4.0.2.

Action-Not Available
Vendor-inspirythemesInspiryThemes
Product-realhomesRealHomes
CWE ID-CWE-862
Missing Authorization
CVE-2023-36676
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 43.25%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 13:52
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Spectra plugin <= 2.6.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Brainstorm Force Spectra.This issue affects Spectra: from n/a through 2.6.6.

Action-Not Available
Vendor-Brainstorm Force
Product-spectraSpectra
CWE ID-CWE-862
Missing Authorization
CVE-2023-35051
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.27% / 50.60%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:23
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Forms by Cimatti plugin <= 1.5.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Forms by Cimatti: from n/a through 1.5.7.

Action-Not Available
Vendor-cimattiCimatti Consulting
Product-wordpress_contact_formsContact Forms by Cimatti
CWE ID-CWE-862
Missing Authorization
CVE-2022-28866
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.25% / 48.19%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. It does not properly validate requests for access to (or editing of) data and functionality in all endpoints under /#settings/* and /api/settings/*. By not verifying the permissions for access to resources, it allows a potential attacker to view pages, with sensitive data, that are not allowed, and modify system configurations also causing DoS, which should be accessed only by user with administration profile, bypassing all controls (without checking for user identity).

Action-Not Available
Vendor-n/aNokia Corporation
Product-airframe_bmc_web_gui_r18_firmwaren/a
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • ...
  • 23
  • 24
  • 25
  • Next
Details not found