PT-2026-38409 · Aegra · Aegra

Jojothebizarre · Published 2026-05-07 · Updated 2026-05-14 · CVE-2026-44504

CVSS v4.0: 8.6 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Aegra versions 0.9.0 through 0.9.6

Description: Shared instances with multiple authenticated users are susceptible to a cross-tenant Insecure Direct Object Reference (IDOR). An authenticated attacker who obtains another user's thread id can execute graph runs on that thread, read its full checkpoint state via the output field, and inject arbitrary messages into the victim's conversation history. The vulnerability exists because the run-creation endpoints lacked a user id filter at the SQL layer, and because the authorization model defaults to allowing a request when no custom handler is registered for it. The following endpoints are affected:
  • '/threads/{thread id}/runs'
  • '/threads/{thread id}/runs/stream'
  • '/threads/{thread id}/runs/wait'

Recommendations: Update to version 0.9.7. As a temporary workaround, register an @auth.on("threads", "create run") handler that explicitly verifies that the thread's owner matches the authenticated identity before allowing the operation.
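The two root causes named above (an ownership-blind SQL lookup and an allow-by-default authorization fallback) and the recommended workaround, shown side by side in an added Python example that is not Aegra's code. The in-memory schema, the `AuthRegistry` class, its `(ctx, value)` handler signature and the `default_allow` switch are assumptions modelled on the decorator the advisory names; only the decorator arguments `("threads", "create run")` come from the page.

```python
import sqlite3
from typing import Any, Callable, Dict, Tuple

# Constructed in-memory tables standing in for the server's thread and run storage.
# Assumption: Aegra's real schema, column names and ORM are not shown on the advisory.
SCHEMA = """
CREATE TABLE threads (thread_id TEXT PRIMARY KEY, owner_id TEXT NOT NULL);
CREATE TABLE runs (run_id INTEGER PRIMARY KEY AUTOINCREMENT,
                   thread_id TEXT NOT NULL, created_by TEXT NOT NULL);
"""


class Forbidden(Exception):
    """Raised when the authorization hook rejects a request (HTTP 403 in a real server)."""


def seed_db() -> sqlite3.Connection:
    """Two tenants (constructed data): alice owns t-alice, bob owns t-bob."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO threads VALUES (?, ?)",
                     [("t-alice", "alice"), ("t-bob", "bob")])
    return conn


def load_thread_unscoped(conn: sqlite3.Connection, thread_id: str) -> Tuple[str, str]:
    """Pre-fix pattern: the predicate is the thread id alone, so any authenticated
    caller who knows an id reaches another tenant's thread."""
    row = conn.execute("SELECT thread_id, owner_id FROM threads WHERE thread_id = ?",
                       (thread_id,)).fetchone()
    if row is None:
        raise LookupError(thread_id)
    return row


def load_thread_scoped(conn: sqlite3.Connection, thread_id: str, user_id: str) -> Tuple[str, str]:
    """Fixed pattern: the caller's identity is part of the SQL predicate. Someone else's
    thread is indistinguishable from a missing one (404 rather than 403), so the endpoint
    neither acts on it nor confirms that the id exists."""
    row = conn.execute(
        "SELECT thread_id, owner_id FROM threads WHERE thread_id = ? AND owner_id = ?",
        (thread_id, user_id)).fetchone()
    if row is None:
        raise LookupError(thread_id)
    return row


class AuthRegistry:
    """Hypothetical stand-in for the server's authorization hook registry, modelled on the
    @auth.on("threads", "create run") decorator the advisory names. The (ctx, value)
    handler signature and the default_allow switch are assumptions for illustration."""

    def __init__(self, default_allow: bool) -> None:
        self.default_allow = default_allow
        self._handlers: Dict[Tuple[str, str], Callable[..., bool]] = {}

    def on(self, resource: str, action: str):
        def register(fn: Callable[..., bool]) -> Callable[..., bool]:
            self._handlers[(resource, action)] = fn
            return fn
        return register

    def authorize(self, resource: str, action: str, ctx: Dict[str, Any], value: Dict[str, Any]) -> bool:
        handler = self._handlers.get((resource, action))
        if handler is None:
            # Second root cause from the advisory: with no handler registered the
            # decision falls through to the default, which was "allow".
            return self.default_allow
        return bool(handler(ctx, value))


def create_run(conn: sqlite3.Connection, auth: AuthRegistry, user_id: str, thread_id: str) -> int:
    """The run-creation endpoint as seen from the server: consult the hook, then insert.
    Returns the number of runs now attached to the thread."""
    ctx = {"db": conn, "user_id": user_id}
    if not auth.authorize("threads", "create run", ctx, {"thread_id": thread_id}):
        raise Forbidden(f"{user_id} may not create runs on {thread_id}")
    conn.execute("INSERT INTO runs (thread_id, created_by) VALUES (?, ?)", (thread_id, user_id))
    return conn.execute("SELECT COUNT(*) FROM runs WHERE thread_id = ?", (thread_id,)).fetchone()[0]


def make_hardened_auth() -> AuthRegistry:
    """The advisory's workaround: an explicit handler that compares the thread's owner with
    the authenticated identity and denies on mismatch or on an unknown thread."""
    auth = AuthRegistry(default_allow=True)  # default unchanged; the handler overrides it

    @auth.on("threads", "create run")
    def verify_thread_owner(ctx: Dict[str, Any], value: Dict[str, Any]) -> bool:
        row = ctx["db"].execute("SELECT owner_id FROM threads WHERE thread_id = ?",
                                (value["thread_id"],)).fetchone()
        return row is not None and row[0] == ctx["user_id"]

    return auth


def demo() -> Dict[str, str]:
    """Exercise the unpatched default, the workaround and the scoped query; returns outcome labels."""
    out: Dict[str, str] = {}
    conn = seed_db()
    create_run(conn, AuthRegistry(default_allow=True), "bob", "t-alice")  # no handler: goes through
    out["no_handler_cross_tenant"] = "allowed"
    conn, auth = seed_db(), make_hardened_auth()
    try:
        create_run(conn, auth, "bob", "t-alice")
        out["handler_cross_tenant"] = "allowed"
    except Forbidden:
        out["handler_cross_tenant"] = "forbidden"
    out["handler_own_thread"] = "allowed" if create_run(conn, auth, "bob", "t-bob") == 1 else "?"
    try:
        load_thread_scoped(conn, "t-alice", "bob")
        out["scoped_sql_cross_tenant"] = "found"
    except LookupError:
        out["scoped_sql_cross_tenant"] = "not_found"
    return out
```

Running `demo()` shows the cross-tenant request going through when no handler is registered and being refused once the ownership handler is in place, while the caller's own thread still works. The scoped query is the durable fix: it removes the dependency on a hook being registered at all, which is why registering the handler is described above as a temporary workaround rather than a replacement for upgrading.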

Fix

IDOR

Improper Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-44504
GHSA-M98R-6667-4WQ7

Affected Products

Aegra