CVE-2026-13511

Sažetak

A vulnerability was determined in VoltAgent up to 2.1.17. Affected by this issue is the function handleGetMemoryConversation of the file packages/server-core/src/handlers/memory.handlers.ts of the component Memory REST API. Executing a manipulation of the argument conversationId can lead to improper authorization. The attack may be performed from remote. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.

Reference

https://github.com/VoltAgent/voltagent/
https://github.com/VoltAgent/voltagent/issues/1315
https://github.com/VoltAgent/voltagent/pull/1317
https://vuldb.com/cve/CVE-2026-13511
https://vuldb.com/submit/838873
https://vuldb.com/vuln/374519
https://vuldb.com/vuln/374519/cti

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:H/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

28-06-2026 - 23:16

Objavljeno

28-06-2026 - 23:16