Auth bypass in Aegra
CVE-2026-44504
Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, deployments with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's thread_id, can execute…
EPSS: 0.000 (2.9th percentile)
Affected products
- Aegra — versions < 0.9.7
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)