Browse all 6 CVE security advisories affecting OpenBMB. AI-powered Chinese analysis, POCs, and references for each vulnerability.
OpenBMB develops open-source large model frameworks focused on natural language processing and machine learning research. The organization's projects have historically been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities due to complex input handling and insufficient access controls. While no major security incidents have been widely documented, the six recorded CVEs highlight ongoing challenges in securing AI/ML components against injection attacks and improper authorization. OpenBMB's security posture reflects broader industry issues in balancing functionality with security, particularly as these frameworks gain adoption in production environments requiring robust input validation and sandboxing mechanisms.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4959 | OpenBMB XAgent ShareServer WebSocket Endpoint share.py check_user missing authentication — XAgentCWE-306 | 7.3 | High | 2026-03-27 |
| CVE-2026-4958 | OpenBMB XAgent WebSocket Endpoint replayer.py ReplayServer.send_data authorization — XAgentCWE-639 | 3.1 | Low | 2026-03-27 |
| CVE-2026-4957 | OpenBMB XAgent API Key function_handler.py FunctionHandler.handle_tool_call log file — XAgentCWE-532 | 2.7 | Low | 2026-03-27 |
| CVE-2026-3954 | OpenBMB XAgent workspace.py workspace path traversal — XAgentCWE-22 | 6.5 | Medium | 2026-03-11 |
| CVE-2025-6281 | OpenBMB XAgent community path traversal — XAgentCWE-22 | 5.5 | Medium | 2025-06-19 |
| CVE-2024-2007 | OpenBMB XAgent Privileged Mode sandbox — XAgentCWE-265 | 5.3 | Medium | 2024-02-29 |
This page lists every published CVE security advisory associated with OpenBMB. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.