CVE-2026-12203: Information Disclosure in HKUDS AI-Trader
CVE-2026-12203 is an information disclosure vulnerability in the HKUDS AI-Trader product affecting the Research Export component. The issue involves the /api/research/agents.csv endpoint, where manipulation can lead to unauthorized data exposure. Remote exploitation is possible without privileges or user interaction. The vendor has released a patch that restricts access to authenticated agents with the research_exports capability, mitigating the vulnerability.
AI Analysis
Technical Summary
This vulnerability in HKUDS AI-Trader up to commit 74caf996f78dcc0c657df8365c8544678a16e215 allows remote attackers to disclose information by manipulating the /api/research/agents.csv endpoint in the Research Export component. The product uses a rolling release model, so specific affected versions are not enumerated. The vendor's patch identified by commit 91a31aac1b0f4dbc6b8bef9f6eff0b7912e0bc65 enforces authentication and capability checks on the research export endpoints, preventing unauthorized access. The CVSS 4.0 base score is 6.9 (medium severity) with network attack vector, low complexity, no privileges or user interaction required, and limited confidentiality impact.
Potential Impact
An attacker can remotely access sensitive information via the research export endpoint without authentication, leading to information disclosure. The vulnerability does not require privileges or user interaction and has a medium severity rating. There is no indication of integrity or availability impact.
Mitigation Recommendations
A patch is available and recommended. The vendor has implemented access control requiring authenticated agents with the research_exports capability to access the research export endpoints. Applying this patch or update will mitigate the vulnerability. Since the product uses a rolling release approach, users should update to the latest version including commit 91a31aac1b0f4dbc6b8bef9f6eff0b7912e0bc65 or later.
CVE-2026-12203: Information Disclosure in HKUDS AI-Trader
Description
CVE-2026-12203 is an information disclosure vulnerability in the HKUDS AI-Trader product affecting the Research Export component. The issue involves the /api/research/agents.csv endpoint, where manipulation can lead to unauthorized data exposure. Remote exploitation is possible without privileges or user interaction. The vendor has released a patch that restricts access to authenticated agents with the research_exports capability, mitigating the vulnerability.
CVSS v4.0
Score 6.9medium
Affected software
cpe:2.3:a:hkuds:ai-trader:*:*:*:*:*:*:*:*AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in HKUDS AI-Trader up to commit 74caf996f78dcc0c657df8365c8544678a16e215 allows remote attackers to disclose information by manipulating the /api/research/agents.csv endpoint in the Research Export component. The product uses a rolling release model, so specific affected versions are not enumerated. The vendor's patch identified by commit 91a31aac1b0f4dbc6b8bef9f6eff0b7912e0bc65 enforces authentication and capability checks on the research export endpoints, preventing unauthorized access. The CVSS 4.0 base score is 6.9 (medium severity) with network attack vector, low complexity, no privileges or user interaction required, and limited confidentiality impact.
Potential Impact
An attacker can remotely access sensitive information via the research export endpoint without authentication, leading to information disclosure. The vulnerability does not require privileges or user interaction and has a medium severity rating. There is no indication of integrity or availability impact.
Mitigation Recommendations
A patch is available and recommended. The vendor has implemented access control requiring authenticated agents with the research_exports capability to access the research export endpoints. Applying this patch or update will mitigate the vulnerability. Since the product uses a rolling release approach, users should update to the latest version including commit 91a31aac1b0f4dbc6b8bef9f6eff0b7912e0bc65 or later.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-06-14T11:51:13.067Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a2f5df71cccde5f26c0c8d6
Added to database: 6/15/2026, 2:05:43 AM
Last enriched: 6/15/2026, 2:20:43 AM
Last updated: 6/15/2026, 3:10:39 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.