CVE-2026-45577EPSS p15.9%

CVE-2026-45577CVE-2026-45577

Description

Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer token is present. In affected deployments, the REST auth middleware can resolve unauthenticated requests as the local development user, making the hosted Inspector and related API surface reachable without credentials. This vulnerability is fixed in 0.11.1.

Scoring

EPSS0.25% probability of exploitation · percentile 15.9% · 2026-06-19T12:03:05Z
Last modified2026-06-01

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-25268
CVE
CVE-2026-44830
CVE
CVE-2026-10622
CVE
CVE-2025-59707
CVE
CVE-2026-45707
CVE
CVE-2026-38651
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.