CVE-2026-8321

HIGH 7.3

inkeep agents runAuth Middleware runAuth.ts createDevContext authentication bypass

CVSS Score

7.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. Performing a manipulation results in authentication bypass using alternate channel. The attack is possible to be carried out remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CWE	CWE-288 CWE-287
Vendor	inkeep
Product	agents
Published	May 11, 2026
Last Updated	May 12, 2026

Stay Ahead of the Next One

Get instant alerts for inkeep agents

Be the first to know when new high vulnerabilities affecting inkeep agents are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

inkeep / agents

0.58.14

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/362608 vuldb.com: https://vuldb.com/vuln/362608/cti vuldb.com: https://vuldb.com/submit/811314 github.com: https://github.com/inkeep/agents/issues/3024 github.com: https://github.com/inkeep/agents/

Credits

🔍 Eric-d (VulDB User) VulDB CNA Team