Aegra · CVE-2026-44504
**Name of the Vulnerable Software and Affected Versions**
Aegra versions 0.9.0 through 0.9.6
**Description**
Shared instances with multiple authenticated users are susceptible to a cross-tenant Insecure Direct Object Reference (IDOR). An authenticated attacker who obtains another user's `thread_id` can execute graph runs, read the full checkpoint state via the `output` field, and inject arbitrary messages into the victim's conversation history. The vulnerability exists because run-creation endpoints lacked a `user_id` filter at the SQL layer, and the authorization model defaults to allowing requests when no custom handler is registered. This affects the following endpoints:
- `/threads/{thread_id}/runs`
- `/threads/{thread_id}/runs/stream`
- `/threads/{thread_id}/runs/wait`
**Recommendations**
Update to version 0.9.7.
As a temporary workaround, register an `@auth.on("threads", "create_run")` handler to explicitly verify that the thread ownership matches the authenticated identity before allowing the operation.
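As an added illustration (not Aegra's own code), the following Python models the two controls the advisory names: a per-thread lookup with and without the `user_id` filter at the SQL layer, and a default-allow handler registry with an ownership handler registered as the workaround. The schema, the `AuthRegistry` class and all function names are constructed stand-ins, not Aegra's API.

```python
import sqlite3

# Constructed sample data, not Aegra's schema: each thread row records its owning user_id.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE threads (thread_id TEXT PRIMARY KEY, user_id TEXT, state TEXT)")
    conn.executemany("INSERT INTO threads VALUES (?, ?, ?)",
                     [("t-alice", "alice", "alice-checkpoint"), ("t-bob", "bob", "bob-checkpoint")])
    return conn
def load_state_vulnerable(conn, thread_id, user_id):
    # Filters on thread_id only; the authenticated user_id never reaches the query.
    row = conn.execute("SELECT state FROM threads WHERE thread_id = ?", (thread_id,)).fetchone()
    return row[0] if row else None
def load_state_fixed(conn, thread_id, user_id):
    # Ownership is part of the WHERE clause: a foreign thread is indistinguishable from a missing one.
    row = conn.execute("SELECT state FROM threads WHERE thread_id = ? AND user_id = ?", (thread_id, user_id)).fetchone()
    return row[0] if row else None

class AuthRegistry:
    # Hypothetical stand-in for the handler registry; allows the request when no handler is registered.
    def __init__(self):
        self.handlers = {}
    def on(self, resource, action):
        def register(fn):
            self.handlers[(resource, action)] = fn
            return fn
        return register
    def authorize(self, resource, action, conn, thread_id, user_id):
        handler = self.handlers.get((resource, action))
        if handler is None:
            return True  # default-allow behaviour the advisory describes
        return handler(conn, thread_id, user_id)
def owns_thread(conn, thread_id, user_id):
    # Workaround-style handler: the thread's recorded owner must equal the authenticated identity.
    row = conn.execute("SELECT user_id FROM threads WHERE thread_id = ?", (thread_id,)).fetchone()
    return row is not None and row[0] == user_id
def create_run(conn, auth, thread_id, user_id, loader):
    # Returns the checkpoint state a run would expose, or "denied" if authorization refuses it.
    if not auth.authorize("threads", "create_run", conn, thread_id, user_id):
        return "denied"
    return loader(conn, thread_id, user_id)

def demo():
    conn, unguarded, guarded = build_db(), AuthRegistry(), AuthRegistry()
    guarded.on("threads", "create_run")(owns_thread)  # same effect as the @auth.on decorator form
    return {"vulnerable": create_run(conn, unguarded, "t-alice", "bob", load_state_vulnerable),
            "workaround": create_run(conn, guarded, "t-alice", "bob", load_state_vulnerable),
            "sql_fix": create_run(conn, unguarded, "t-alice", "bob", load_state_fixed),
            "owner": create_run(conn, guarded, "t-alice", "alice", load_state_fixed)}
```

Only the "vulnerable" case returns another user's checkpoint; the handler workaround denies the request outright, while the SQL-layer filter makes the foreign thread look nonexistent.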