Vulnerability Description
Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, deployments with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker who is given another user's thread_id can execute graph runs against that user's thread, read the user's full checkpoint state, and inject arbitrary messages into the user's conversation history. This vulnerability is fixed in 0.9.7.
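The control this class of bug lacks is an ownership check on every operation keyed by thread_id. The sketch below is an added example, not Aegra's code or its 0.9.7 fix; `ThreadStore`, `get_for_user` and the other names are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass, field


class ThreadNotFound(Exception):
    """Raised for a missing thread AND for a thread owned by someone else."""


@dataclass
class Thread:
    thread_id: str
    owner_id: str
    messages: list = field(default_factory=list)


class ThreadStore:
    """Hypothetical in-memory store standing in for the persistence layer."""

    def __init__(self):
        self._threads = {}

    def create(self, thread_id, owner_id):
        self._threads[thread_id] = Thread(thread_id, owner_id)

    def get_unscoped(self, thread_id):
        # Vulnerable pattern: knowing the thread_id is treated as authorization.
        return self._threads[thread_id]

    def get_for_user(self, thread_id, user_id):
        # Hardened pattern: the caller's identity is part of the lookup.
        thread = self._threads.get(thread_id)
        if thread is None or thread.owner_id != user_id:
            # Same error in both cases, so a response never confirms
            # that another tenant's thread_id exists.
            raise ThreadNotFound(thread_id)
        return thread


def read_state(store, user_id, thread_id):
    # State reads go through the owner-scoped lookup.
    return list(store.get_for_user(thread_id, user_id).messages)


def append_message(store, user_id, thread_id, text):
    # Writes (runs, injected messages) use the same scoped lookup.
    store.get_for_user(thread_id, user_id).messages.append(text)


def build_demo_store():
    # Constructed sample data: one thread owned by "alice".
    store = ThreadStore()
    store.create("thread-1", "alice")
    append_message(store, "alice", "thread-1", "hello")
    return store
```

Routing reads, writes and run creation through one scoped lookup keeps the check from being forgotten on a single endpoint.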
Related Weaknesses (CWE)
References
FAQ
What is CVE-2026-44504?
CVE-2026-44504 is a documented vulnerability. Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, deployments with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, give...
How severe is CVE-2026-44504?
CVSS scoring is not yet available for CVE-2026-44504. Check NVD for updates.
Is there a patch for CVE-2026-44504?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.