#cwe-346 主题 - Cyber Security Daily Radar

AgentFlow's local web API accepts non-JSON content types on POST /api/runs and POST /api/runs/validate endpoints without enforcing application/json validation, allowing attackers to bypass trust-boundary enforcement on sensitive operations. Attackers can exploit this content-type validation weakness through browser-driven or local cross-origin requests to abuse the localhost API and enable attack

💡 风险点: 原文内容（由于配额限制，未进行深度 LLM 分析）

🎯 建议动作: 建议根据原文自行评估

排序因子: 有可用补丁/修复方案 (+3) | Secondary 数据源 (+2) | 包含 CVE (+2) | 影响关键基础设施/核心组件 (+4) | LLM 评分加成 (+0.4)

CVE-2026-7439

AgentFlow's local web API accepts non-JSON content types on POST /api/runs and POST /api/runs/validate endpoints without enforcing application/json validation, allowing attackers to bypass trust-boundary enforcement on sensitive operations. Attackers can exploit this content-type validation weakness through browser-driven or local cross-origin requests to abuse the localhost API and enable attack

💡 影响/原因: 原文内容（由于配额限制，未进行深度 LLM 分析）

🎯 建议动作: 建议根据原文自行评估

排序因子: Primary 数据源 (+3) | LLM 评分加成 (+0.4)

CVE-2026-22077

OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information disclosure.

💡 影响/原因: 原文内容（由于配额限制，未进行深度 LLM 分析）

🎯 建议动作: 建议根据原文自行评估

排序因子: Primary 数据源 (+3) | LLM 评分加成 (+0.4)

Cyber Security Daily Radar

#cwe-346

AgentFlow's local web API accepts non-JSON content types on POST /api/runs and POST /api/runs...

AgentFlow's local web API accepts non-JSON content types on POST /api/runs and POST /api/runs/validate endpoints without enforcing application/json validation, allowing attacker...

OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and ...