{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30350", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-27T20:11:14.133Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-04-27T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-27T14:38:56.110Z"}, "descriptions": [{"lang": "en", "value": "An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service (DoS) via a crafted POST request."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/ibbybuilds/aegra/tree/main"}, {"url": "https://gist.github.com/syphonetic/d27b5965c884555acea1827988689f7d"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-400", "lang": "en", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-27T20:08:32.678052Z", "id": "CVE-2026-30350", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T20:11:14.133Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30350", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-27T20:08:32.678052Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T20:11:06.241Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/ibbybuilds/aegra/tree/main"}, {"url": "https://gist.github.com/syphonetic/d27b5965c884555acea1827988689f7d"}], "descriptions": [{"lang": "en", "value": "An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service (DoS) via a crafted POST request."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-27T14:38:56.110Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30350", "state": "PUBLISHED", "dateUpdated": "2026-04-27T20:11:14.133Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-27T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service (DoS) via a crafted POST request."}], "id": "CVE-2026-30350", "lastModified": "2026-04-27T21:16:33.383", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-27T15:16:08.570", "references": [{"source": "cve@mitre.org", "url": "https://gist.github.com/syphonetic/d27b5965c884555acea1827988689f7d"}, {"source": "cve@mitre.org", "url": "https://github.com/ibbybuilds/aegra/tree/main"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "e9a89f"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "aegra", "vendor": "ibbybuilds"}], "analysis": {"en": {"generated_at": "2026-04-28T04:58:15.861807+00:00", "value": {"mitigation_remediation": ["Apply any vendor-released patch or upgrade the Agent Protocol server to a version that includes a fix for the DoS vulnerability.", "Implement input validation and enforce size or rate limits on the /store/items/search endpoint to prevent resource exhaustion.", "Configure network devices or a load balancer to detect and block excessive or malformed POST requests targeting the vulnerable endpoint."], "summary": {"action": "Apply Fix", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The affected component is the Agent Protocol server, but the vendor and specific product names are not listed in the available data. No version or configuration details are provided, so the scope of affected infrastructure remains unclear beyond the presence of the /store/items/search endpoint.", "description_and_impact": "An attacker can send a crafted POST request to the /store/items/search endpoint of the Agent Protocol server and force the service into a state where it can no longer respond to legitimate traffic, effectively disrupting availability. This vulnerability is an instance of uncontrolled resource consumption as defined by CWE-400 and can lead to a complete denial of service on the affected system.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 7.5, indicating a high severity and a significant impact on service availability. The EPSS score is not available, so the current probability of exploitation cannot be quantified. It is not listed in the CISA KEV catalog, suggesting no confirmed exploitation in the wild yet. The attack can be performed remotely with a crafted POST request; authentication requirements are not specified, so it is inferred that the request may be unauthenticated or that minimal credentials are required."}}}}, "created": "2026-04-28T05:00:14.755030+00:00", "title": "Denial of Service via Crafted POST Request to /store/items/search on Agent Protocol Server", "updated": "2026-04-28T09:17:40.305989+00:00", "vendors": ["ibbybuilds", "ibbybuilds$PRODUCT$aegra"]}