PT-2026-35202 · Unknown · Smythos Sre

Eric-B

Published

2026-04-26

Updated

2026-04-26

CVE-2026-7021

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions SmythOS sre versions prior to 0.0.16

Description A weakness in the Connector Service component, specifically within the packages/sdk/src/LLM/utils.ts file, allows for remote information disclosure. This occurs through the manipulation of the baseURL argument in an unspecified function.

Recommendations Update SmythOS sre to a version later than 0.0.15. As a temporary workaround, restrict or monitor the use of the baseURL argument within the Connector Service to minimize the risk of information disclosure.

Exploit

Fix

Information Disclosure

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-284

Related Identifiers

CVE-2026-7021

Affected Products

Smythos Sre

PT-2026-35202 · Unknown · Smythos Sre

CVE-2026-7021

Weakness Enumeration

Related Identifiers

Affected Products

References · 8