By weakness (CWE)

CWE-294: related vulnerabilities

CVEs classified under CWE-294. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

1 published vulnerability

  • CVE-2026-46538MEDIUM 5.9

    Microsoft UFO is an open-source automation framework that lets multiple devices work together on tasks. In version 3.0.1-4-ge2626659, it has a flaw where one authenticated device can trick another device by sending a fake task completion message. When Device A receives a task from the coordinator, the system should only accept a completion message from Device A itself. Instead, the system accepts completion messages from any authenticated device as long as they use the same task ID. An attacker with legitimate access to the network can exploit this to inject false results into another device's task, potentially disrupting automated workflows.