Cyber Resilience

CVE-2026-8321

Medium

Published: 11 May 2026

Published
11 May 2026
Modified
12 May 2026
KEV Added
Patch
CVSS Score v4 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0010 27.8th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-8321 is a medium-severity Improper Authentication (CWE-287) vulnerability. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 27.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. Performing a manipulation results in authentication bypass using alternate channel. The attack is possible to be carried…

more

out remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct remote auth bypass in public-facing API middleware (CWE-288) enables exploitation of exposed application.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-67507Shared CWE-287, CWE-288
CVE-2026-3461Shared CWE-288
CVE-2025-67070Shared CWE-288
CVE-2026-42760Shared CWE-288
CVE-2025-71279Shared CWE-287
CVE-2024-13804Shared CWE-287
CVE-2026-45109Shared CWE-288
CVE-2026-42735Shared CWE-288
CVE-2024-57046Shared CWE-287
CVE-2026-1203Shared CWE-287

Affected Assets

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-287 CWE-288

Detects unauthorized successful logons resulting from improper authentication implementations.

addresses: CWE-287 CWE-288

Requires adaptive authentication under specific conditions, directly strengthening authentication mechanisms against improper or insufficient authentication.

addresses: CWE-287 CWE-288

Identity providers centralize and enforce authentication mechanisms, reducing improper authentication.

addresses: CWE-287 CWE-288

Mandates unique identification and authentication of non-organizational users, directly mitigating improper authentication.

addresses: CWE-288

Authorizing remote access reduces the ability to bypass authentication via unauthorized alternate remote channels.

addresses: CWE-287

Documented procedures ensure personnel are trained on authentication mechanisms, tangibly lowering the risk of improper authentication being exploited.

addresses: CWE-287

Security awareness training instructs users on secure authentication practices and avoiding credential compromise.

addresses: CWE-287

Training on authentication mechanisms and best practices decreases the occurrence of improper authentication.

References