By weakness (CWE)
CWE-488: related vulnerabilities
CVEs classified under CWE-488. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
1 published vulnerability
- CVE-2026-46416MEDIUM 6.3
Microsoft UFO, an open-source intelligent automation framework, has a flaw in how it manages WebSocket connections used for remote automation across devices and platforms. The vulnerability stems from improper reuse of a shared connection handler that processes authenticated user requests. When multiple users connect simultaneously, their connection contexts get mixed up—specifically, responses intended for one user can be delivered to another user who connected most recently. This allows an authenticated attacker to intercept and view responses that were meant for a different authenticated session, potentially exposing sensitive automation results or command outputs.