CNNVD-202601-4174 Information

CNNVD ID

CNNVD-202601-4174

Related CVE

CVE-2026-0773

• CNNVD Published: 2026-01-23

Description (Chinese)

Upsonic是Upsonic开源的一个AI代理框架。 Upsonic存在代码问题漏洞，该漏洞源于add_tool端点缺乏对用户提供数据的验证，可能导致反序列化不受信任数据和远程代码执行。

Description (English)

Upsonic is an AI proxy framework for UPsonic open source. Upsonic has a code problem loophole, which stems from the lack of validation of data provided by users at the add tool endpoint, which may lead to anti-sequencing not being trusted data and remote coded.

Hazard Level

Low

Vulnerability Type

代码问题

Affected Vendor

Upsonic

Published

2026-01-23

Last Modified

2026-02-24

References

https://www.zerodayinitiative.com/advisories/ZDI-26-042/

Patch

https://upsonic.ai/