ByteOS Network

rowboatlabs

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-6635

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-6.9||MEDIUM

EPSS-Not Assigned

Published-20 Apr, 2026 | 11:45

Updated-20 Apr, 2026 | 13:26

rowboatlabs rowboat tools_webhook app.py tool_call improper authentication

A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the function tool_call of the file apps/experimental/tools_webhook/app.py of the component tools_webhook. Such manipulation of the argument X-Tools-JWE leads to improper authentication. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor-rowboatlabs

Product-rowboat

CWE ID-CWE-287

Improper Authentication

CVE-2025-7115

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-6.9||MEDIUM

EPSS-0.08% / 23.14%

7 Day CHG~0.00%

Published-07 Jul, 2025 | 06:02

Updated-08 Jul, 2025 | 16:18

rowboatlabs rowboat Session route.ts PUT missing authentication

A vulnerability was found in rowboatlabs rowboat up to 8096eaf63b5a0732edd8f812bee05b78e214ee97. It has been rated as critical. Affected by this issue is the function PUT of the file apps/rowboat/app/api/uploads/[fileId]/route.ts of the component Session Handler. The manipulation of the argument params leads to missing authentication. The attack may be launched remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. It is expected that this issue will be fixed in the near future.

Vendor-rowboatlabs

Product-rowboat

CWE ID-CWE-287

Improper Authentication

CWE ID-CWE-306

Missing Authentication for Critical Function