SmythOS sre Connector Service utils.ts information disclosure_CVE-2026-7021

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-7021

Source VulDB

Published Apr 26, 2026 at 05:30

Affected Product

Vendor SmythOS

Product sre

Version 0.0.1

Affected Versions SmythOS sre 0.0.1
SmythOS sre 0.0.2
SmythOS sre 0.0.3
SmythOS sre 0.0.4
SmythOS sre 0.0.5
SmythOS sre 0.0.6
SmythOS sre 0.0.7
SmythOS sre 0.0.8
SmythOS sre 0.0.9
SmythOS sre 0.0.10
SmythOS sre 0.0.11
SmythOS sre 0.0.12
SmythOS sre 0.0.13
SmythOS sre 0.0.14
SmythOS sre 0.0.15

CWE Classification

CWE-200 CWE-284

References

{
    "lastseen": "",
    "description": "A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-04-26T05:30:15.403Z",
    "modified": "2026-04-26T05:30:15.403Z",
    "type": "cve",
    "title": "SmythOS sre Connector Service utils.ts information disclosure",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/359600\nhttps://vuldb.com/vuln/359600/cti\nhttps://vuldb.com/submit/797642\nhttps://gist.github.com/YLChen-007/3d35e0ce8197989ee4de4a93def30d47",
    "id": "CVE-2026-7021",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "SmythOS sre 0.0.1\nSmythOS sre 0.0.2\nSmythOS sre 0.0.3\nSmythOS sre 0.0.4\nSmythOS sre 0.0.5\nSmythOS sre 0.0.6\nSmythOS sre 0.0.7\nSmythOS sre 0.0.8\nSmythOS sre 0.0.9\nSmythOS sre 0.0.10\nSmythOS sre 0.0.11\nSmythOS sre 0.0.12\nSmythOS sre 0.0.13\nSmythOS sre 0.0.14\nSmythOS sre 0.0.15",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "sre",
    "version": "0.0.1",
    "vendor": "SmythOS",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}