Missing Authorization for Interactive Sessions
June 9, 2025
Products Impacted
This vulnerability is present in all versions of BackendAI. We tested on version 25.3.3 (commit f7f8fe33ea0230090f1d0e5a936ef8edd8cf9959).
CVSS Score: 8.1
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE Categorization
CWE-862: Missing authorization
Details
When a user starts an interactive session, a web terminal gets exposed to a random port. A threat actor can scan the ports until they find an open interactive session and access it without any authorization or prior authentication.
To reproduce this, we created a session with all settings set to default.
Then, we accessed the web terminal in a new tab
However, while simulating the threat actor, we access the same URL in an “incognito window” — eliminating any cache, cookies, or login credentials — we can still reach it, demonstrating the absence of proper authorization controls.
Related SAI Security Advisory
November 26, 2025
Allowlist Bypass in Run Terminal Tool Allows Arbitrary Code Execution During Autorun Mode
When in autorun mode with the secure ‘Follow Allowlist’ setting, Cursor checks commands sent to run in the terminal by the agent to see if a command has been specifically allowed. The function that checks the command has a bypass to its logic, allowing an attacker to craft a command that will execute non-whitelisted commands.
October 17, 2025
Data Exfiltration from Tool-Assisted Setup
Windsurf’s automated tools can execute instructions contained within project files without asking for user permission. This means an attacker can hide instructions within a project file to read and extract sensitive data from project files (such as a .env file) and insert it into web requests for the purposes of exfiltration.