PatchSiren cyber security CVE debrief
CVE-2026-12203 HKUDS CVE debrief
CVE-2026-12203 is a MEDIUM severity vulnerability in AI-Trader. The vulnerability affects the Research Export component, specifically the file /api/research/agents.csv. An attacker can exploit this vulnerability remotely, resulting in information disclosure. The CVSS score for this vulnerability is 5.5.
- Vendor
- HKUDS
- Product
- AI-Trader
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of AI-Trader up to version 74caf996f78dcc0c657df8365c8544678a16e215 should apply the patch 91a31aac1b0f4dbc6b8bef9f6eff0b7912e0bc65 to fix this issue.
Technical summary
The vulnerability is caused by an unknown part of the file /api/research/agents.csv in the Research Export component. The exploit has been made public and could be used. The vendor has confirmed that research export endpoints now require an authenticated agent with the research_exports capability.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply the patch 91a31aac1b0f4dbc6b8bef9f6eff0b7912e0bc65 to fix this issue.
- Ensure that research export endpoints are only accessible to authenticated agents with the research_exports capability.
Evidence notes
The vendor confirms: 'Research export endpoints now require an authenticated agent with the research_exports capability'.
Official resources
CVE-2026-12203 was published on 2026-06-15T02:16:12.100Z.