CVE-2026-26057
Published: 19 February 2026
Summary
CVE-2026-26057 is a medium-severity Exposure of Resource to Wrong Sphere (CWE-668) vulnerability in Cisco Skill Scanner. Its CVSS base score is 6.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 24.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised as Other Platforms, in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-7 (Boundary Protection).
Deeper analysis
CVE-2026-26057 is a vulnerability in the API Server component of Skill Scanner, a security scanner designed to detect prompt injection, data exfiltration, and malicious code patterns in AI Agent Skills. The issue stems from an erroneous binding to multiple interfaces, enabling unauthenticated remote attackers to interact with the server API. This affects Skill Scanner versions 1.0.1 and earlier when the API Server is enabled, which is not the case by default. The vulnerability has a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) and is associated with CWE-668 (Exposure of Resource to Wrong Sphere).
An unauthenticated remote attacker can exploit this vulnerability by sending API requests to a device exposing the affected API Server. Successful exploitation could allow the attacker to trigger a denial-of-service (DoS) condition through memory starvation by consuming excessive resources, or to upload arbitrary files to folders on the affected device.
The Skill Scanner security advisory (GHSA-ppfx-73j5-fhxc) and associated GitHub commit (1e35e57f3051ecc89ba845ae7206321c8eac20a1) confirm that the vulnerability is fixed in Skill Scanner releases 1.0.2 and later. Practitioners should ensure the API Server is disabled unless required and upgrade to a patched version to mitigate risks.
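One way to check a host for the exposure described above is to audit its listening sockets for binds that reach beyond loopback. This is an added example, not code from the advisory or from the Skill Scanner project; the `ss` output is a constructed sample and port 8000 is an assumed placeholder for whatever port the API Server is configured to use.

```python
import ipaddress

# Constructed sample of `ss -H -ltn` output (not from a real host).
# Port 8000 is an assumed placeholder for wherever the API Server listens.
SAMPLE_SS = """\
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 2048 0.0.0.0:8000 0.0.0.0:*
LISTEN 0 2048 [::]:8000 [::]:*
LISTEN 0 128 [::1]:6379 [::]:*
LISTEN 0 128 *:9100 *:*
LISTEN 0 128 192.168.1.10:8443 0.0.0.0:*
LISTEN 0 128 127.0.0.53%lo:53 0.0.0.0:*
"""

def split_local(field):
    """Split ss's Local Address:Port column into (host, port)."""
    host, _, port = field.rpartition(":")
    # Drop a %iface scope suffix first, then IPv6 brackets.
    host = host.split("%", 1)[0].strip("[]")
    return host, int(port)

def exposure(host):
    """Classify a bind address as 'loopback', 'wildcard' or 'interface'."""
    if host == "*":
        return "wildcard"
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:          # 0.0.0.0 or ::
        return "wildcard"
    return "loopback" if addr.is_loopback else "interface"

def audit(ss_output, port):
    """Return (local_field, exposure) for listeners on `port` not confined to loopback."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        host, lport = split_local(cols[3])
        kind = exposure(host)
        if lport == port and kind != "loopback":
            findings.append((cols[3], kind))
    return findings

if __name__ == "__main__":
    for local, kind in audit(SAMPLE_SS, 8000):
        print(f"{local}: reachable beyond loopback ({kind} bind)")
```

On a live host, the input would be the captured output of `ss -H -ltn`; any finding for the API Server's port means the listener is reachable from other interfaces and should be restricted or disabled.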
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-7983
Vulnerability details
Skill Scanner is a security scanner for AI Agent Skills that detects prompt injection, data exfiltration, and malicious code patterns. A vulnerability in the API Server of Skill Scanner could allow an unauthenticated, remote attacker to interact with the server API and either trigger a denial of service (DoS) condition or upload arbitrary files. This vulnerability is due to an erroneous binding to multiple interfaces. An attacker could exploit this vulnerability by sending API requests to a device exposing the affected API Server. A successful exploit could allow the attacker to consume an excessive amount of resources (memory starvation) or to upload files to arbitrary folders on the affected device. This vulnerability affects Skill-scanner 1.0.1 and earlier releases when the API Server is enabled. The API Server is not enabled by default. Skill-scanner software releases 1.0.2 and later contain the fix for this vulnerability.
- CWE(s)
AI Security Analysis
- AI Category: Other Platforms
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai, prompt injection
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated remote access to exposed API server directly matches T1190 (public-facing app exploitation); arbitrary file upload enables T1105 (ingress tool transfer); resource-consuming API abuse enables T1499.004 (application exploitation for DoS).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly enforces authentication and authorization on the API server, blocking the unauthenticated remote requests that enable DoS and file upload.
Restricts network interfaces and boundary exposure, directly mitigating the erroneous multi-interface binding that allows external attackers to reach the API.
Controls remote access methods and requires explicit authorization, limiting the unauthenticated API interaction described in the CVE.