CVE-2026-12203
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk32th percentile — higher than 32% of all known CVEs
Summary
A vulnerability was found in HKUDS AI-Trader affecting an unknown part of the file /api/research/agents.csv of the Research Export component. Manipulation of this file results in information disclosure, and remote exploitation is possible.
Risk Assessment
The vulnerability may lead to the disclosure of sensitive data, posing a risk to the organization's security. The publicly available exploit increases the likelihood of an attack.
Recommendation
It is recommended to apply the patch named 91a31aac1b0f4dbc6b8bef9f6eff0b7912e0bc65 to fix this issue. Additionally, ensure that research export endpoints require an authenticated agent with the appropriate capabilities.
Original NVD description (English source)
A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown part of the file /api/research/agents.csv of the component Research Export. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The patch is named 91a31aac1b0f4dbc6b8bef9f6eff0b7912e0bc65. Applying a patch is the recommended action to fix this issue. The vendor confirms: "Research export endpoints now require an authenticated agent with the research_exports capability".

