PT-2026-40451 · Heym · Heym

Published: 2026-05-12 · Updated: 2026-05-13 · CVE-2026-45226

CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions
Heym versions prior to 0.0.21

Description
An authorization bypass exists in workflow execution allowing authenticated users to execute arbitrary workflows. By referencing victim workflow UUIDs without proper access validation, attackers can create workflows with execute nodes or agent subWorkflowIds pointing to those UUIDs. This allows the loading and execution of workflows under attacker-controlled paths, which can expose outputs and trigger nodes with unintended side effects.

Recommendations
Update to version 0.0.21 or later.
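
The access validation the description says was missing, sketched as an added example that is not Heym's code or its actual fix. The node layout (`type`, `data.workflowId`, `data.subWorkflowIds`), the `Workflow` record and the owner/shared access model are assumptions made for illustration.

```python
# Added example: hypothetical node schema and access model, not Heym's code.
from dataclasses import dataclass, field


class WorkflowAccessDenied(Exception):
    """Raised when a workflow references a workflow the caller cannot use."""


@dataclass
class Workflow:
    id: str
    owner_id: str
    shared_with: set = field(default_factory=set)
    nodes: list = field(default_factory=list)


def referenced_workflow_ids(nodes):
    """Collect every workflow UUID the given nodes would load at run time."""
    refs = set()
    for node in nodes:
        data = node.get("data") or {}
        if node.get("type") == "execute" and data.get("workflowId"):
            refs.add(data["workflowId"])
        elif node.get("type") == "agent":
            refs.update(data.get("subWorkflowIds") or [])
    return refs


def can_access(user_id, wf):
    return wf.owner_id == user_id or user_id in wf.shared_with


def authorize_references(user_id, workflow, store, _seen=None):
    """Check that user_id may run everything `workflow` references.

    Assumes a strict policy: the caller needs access to every workflow in the
    chain. Call on save and again just before execution, since access can be
    revoked in between. Unknown and forbidden ids raise the same error so the
    response does not confirm which UUIDs exist.
    """
    seen = _seen if _seen is not None else {workflow.id}
    for ref in referenced_workflow_ids(workflow.nodes):
        target = store.get(ref)
        if target is None or not can_access(user_id, target):
            raise WorkflowAccessDenied("referenced workflow not available")
        if ref not in seen:  # guard against reference cycles
            seen.add(ref)
            authorize_references(user_id, target, store, seen)
    return seen
```

The check is keyed to the user who initiates the run, so a reference to another user's workflow is rejected whether it arrives through an execute node or an agent's sub-workflow list.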

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-45226

Affected Products

Heym