CVE-2026-12203

Description

A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown part of the file /api/research/agents.csv of the component Research Export. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The patch is named 91a31aac1b0f4dbc6b8bef9f6eff0b7912e0bc65. Applying a patch is the recommended action to fix this issue. The vendor confirms: "Research export endpoints now require an authenticated agent with the research_exports capability".

PUBLISHED Reserved 2026-06-14 | Published 2026-06-15 | Updated 2026-06-15 | Assigner VulDB

Problem types

Information Disclosure

Improper Access Controls

Product status

Timeline

Credits

davidgilmore (VulDB User) reporter

VulDB CNA Team coordinator

References

vuldb.com/vuln/370846 (VDB-370846 | HKUDS AI-Trader Research Export agents.csv information disclosure) vdb-entry

vuldb.com/vuln/370846/cti (VDB-370846 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/cve/CVE-2026-12203 (CVE-2026-12203 | CVE Analysis and Report) third-party-advisory

vuldb.com/submit/830273 (Submit #830273 | HKUDS AI-Trader 1.0 Information Disclosure) third-party-advisory

github.com/HKUDS/AI-Trader/issues/242 issue-tracking

github.com/HKUDS/AI-Trader/pull/227 issue-tracking patch

github.com/...a Exposure in Research Export (CVE-Pending).md broken-link exploit

github.com/...ommit/91a31aac1b0f4dbc6b8bef9f6eff0b7912e0bc65 patch

github.com/HKUDS/AI-Trader/ product

cve.org (CVE-2026-12203)

nvd.nist.gov (CVE-2026-12203)

Download JSON