CVE-2026-7021 MEDIUM

CVE-2026-7021: SmythOS sre Connector Service utils.ts information disclosure

Vendor Smythos
Product sre
Weakness CWE-200 · Info exposure
Published April 26, 2026
Last update April 27, 2026
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

April 26, 2026 CVE published
April 27, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-7411 Newsletters <= 4.9.9 - Unauthenticated Full Path Disclosure CVE-2023-40058 Sensitive Information Disclosure Vulnerability CVE-2020-3547 Cisco Email Security Appliance, Cisco Content Security Management Appliance, and Cisco Web Security Appliance Information Disclosure Vulnerability CVE-2024-52508 Nextcloud Mail auto configurator can be tricked into sending account information to wrong servers CVE-2024-22200 vantage6-UI docker image leaks software version information