CVE-2026-46414: Microsoft UFO WebSocket Authentication Bypass and Role Spoofing
Microsoft UFO, an open-source framework for intelligent automation across devices and platforms, contains a critical authentication bypass in version 3.0.1-4-ge2626659. The vulnerability allows any authenticated client to impersonate higher-privilege roles and send malicious automation tasks to other connected devices. An attacker with valid credentials to the WebSocket control plane can register as a normal device, then switch to a privileged 'constellation' role mid-session and direct tasks to victim systems. Additionally, the client registry allows duplicate registrations that overwrite and disconnect legitimate devices from the network.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Weaknesses (CWE)
- CWE-290, CWE-639, CWE-862
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-05-27 / 2026-06-17
NVD description (verbatim)
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK message claiming client_type="constellation" and target_id=<victim-device-id>. The server trusts the role and target values from the wire message rather than enforcing the role registered for that WebSocket connection. As a result, any authenticated WebSocket client with the shared server token can spoof the higher-privilege constellation role and dispatch attacker-controlled tasks to another connected device. The same client registry also allows duplicate client_id registration, overwriting an existing live client's stored websocket, role, and task protocol. This is an authenticated WebSocket role/identity spoofing issue leading to peer task hijacking.
2 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
The vulnerability stems from two related design flaws in UFO's WebSocket control plane. First, the server validates the shared server token but fails to enforce consistency between the role registered at connection time and the client_type/role claims in subsequent TASK messages. An authenticated client can send wire messages declaring client_type="constellation" and specifying an arbitrary target_id, and the server accepts these claims without verifying they match the connection's initial authorization state. Second, the client registry does not enforce uniqueness on client_id, permitting duplicate registrations that overwrite existing WebSocket connections. A malicious actor can register with a victim device's client_id to steal or terminate that device's active session. Both flaws require prior authentication (shared server token), but once inside, an attacker gains lateral movement and task injection capabilities across the peer network.
Business impact
Organizations deploying UFO for distributed automation face significant operational and security risks. A compromised or malicious insider with valid credentials can hijack automation workflows targeting critical infrastructure, manufacturing lines, or enterprise systems. Tasks injected via spoofed constellation identity could exfiltrate data, modify configuration, execute arbitrary code, or disrupt services on target devices. The ability to overwrite legitimate client registrations also enables denial-of-service attacks by forcing disconnection of authorized devices. In supply-chain scenarios where UFO orchestrates cross-platform operations, such attacks could propagate widely before detection.
Affected systems
Microsoft UFO version 3.0.1-4-ge2626659 is confirmed vulnerable. Because the source data does not list specific vendor products and this is an open-source framework, deployments worldwide may be affected. Organizations should audit all instances of UFO running version 3.0.1-4-ge2626659 or earlier. Check deployment documentation and version control logs to identify all systems, especially those handling sensitive automation tasks or operating in zero-trust environments where peer compromise was not anticipated.
Exploitability
Exploitation requires prior authentication—an attacker must possess or obtain a valid shared server token to connect to the WebSocket control plane. This prerequisite significantly reduces the attack surface for internet-facing deployments but does not eliminate risk in scenarios where tokens are widely distributed, reused, or insufficiently rotated. Once authenticated, the exploit is trivial: send a TASK message with spoofed role and target fields. No interaction with the user of the target device is required, and the attack is not detected by default. The ability to overwrite client registrations and redirect live sessions further lowers the bar for causing impact. In insider threat or compromised-credential scenarios, this is a high-confidence attack path.
Remediation
Upgrade to a patched version of Microsoft UFO that enforces role consistency and prevents duplicate client registration. Verify the exact patched version against the official Microsoft advisory. Until a patch is available, implement network controls: restrict WebSocket access to trusted subnets, enforce certificate-based mutual TLS authentication in addition to token sharing, implement rate limiting on TASK message dispatch, and monitor for anomalous role transitions or duplicate client_id registrations. Rotate shared server tokens on a strict schedule and audit token distribution to reduce the likelihood of credential compromise.
Patch guidance
Consult the official Microsoft security advisory for CVE-2026-46414 to identify the recommended patched version. Apply patches in a staged approach: test in a non-production UFO environment first to ensure automation workflows continue to function, then roll out to production instances, starting with those handling the most sensitive operations. Given the ease of exploitation post-authentication, prioritize patching higher than routine updates. Maintain inventory of all UFO deployments so no instance is missed.
Detection guidance
Monitor WebSocket control plane logs for: (1) TASK messages where the claimed client_type or role differs from the registered role for that connection session, (2) multiple WebSocket connections registering the same client_id in short succession, (3) TASK messages targeting devices not expected to communicate, and (4) rapid role transitions or high-volume task dispatch from a single authenticated client. Implement alerting on these patterns. Log all connection registrations, role assignments, and task dispatches with timestamps and source identity for forensic analysis. If UFO does not natively emit these logs, consider deploying a proxy or network TAP to capture WebSocket traffic for post-incident investigation.
Why prioritize this
This vulnerability scores CVSS 8.8 (HIGH) and warrants immediate attention despite not yet appearing on the CISA KEV catalog. The combination of high privileges gained post-authentication, ease of exploitation, and direct impact on mission-critical automation systems makes it a priority for any organization using UFO. The lack of KEV status does not imply low risk—it indicates the advisory is recent or exploitation is not yet widespread in public reporting. Do not delay patching or hardening based on KEV absence.
Risk score, explained
The CVSS 3.1 score of 8.8 reflects high severity across confidentiality, integrity, and availability. Attack vector is network (AV:N), attack complexity is low (AC:L), and privileges required is low (PR:L)—authenticated users can easily exploit this without special conditions. User interaction is not required (UI:N), and the scope is unchanged (S:U). The impact is complete: an attacker gains high-confidence capability to read task data, modify device state, and disrupt operations. The primary limiting factor is the authentication requirement (PR:L), which prevents unauthenticated network attack but is often insufficient as a control in environments with credential leakage, insider threats, or token reuse.
Frequently asked questions
Do I need to patch UFO if my deployment is air-gapped or behind a firewall?
Yes. While network isolation reduces external attack surface, this vulnerability is exploitable by any authenticated client, including insiders, compromised build systems, or lateral movement from adjacent networks. If your UFO deployment handles critical automation or connects to sensitive infrastructure, patch regardless of network topology.
What if I cannot upgrade to a patched version immediately?
Implement compensating controls: restrict WebSocket listener binding to localhost or specific trusted subnets, enforce mutual TLS with certificate pinning, rotate shared server tokens weekly, and deploy intrusion detection focused on anomalous TASK messages. Log all WebSocket events extensively. These do not eliminate risk but significantly raise the bar for exploitation and improve detection.
Could this vulnerability be exploited by an unauthenticated attacker?
No. The vulnerability requires a valid shared server token to establish a WebSocket connection. However, do not interpret this as a comfort—tokens may be compromised, reused across environments, or distributed to third parties. Treat token compromise as a realistic threat model.
How does the duplicate client_id registration flaw compound the main vulnerability?
An attacker who registers with a victim device's client_id will overwrite the victim's WebSocket connection, severing the legitimate device from the control plane and taking its place in the registry. The attacker can then send TASK messages as if they were that device, or redirect tasks meant for that device. This amplifies the impact by enabling device spoofing, not just role spoofing.
This analysis is provided for informational purposes and does not constitute professional security advice. Confirm all technical details against official Microsoft security advisories and UFO release notes before making patch or deployment decisions. No exploit code or weaponization guidance is included. Organizations should engage qualified security personnel to assess their specific risk posture and implement appropriate controls. The lack of CISA KEV designation does not reflect the true risk to deployed systems and should not be used as justification to delay remediation. Source: NVD (public-domain), retrieved 2026-07-06. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-41160MEDIUMEspoCRM Broken Access Control in Note Pinning API (v9.3.5 Patch)
- CVE-2018-25391HIGHHaPe PKH 1.1 Authorization Bypass – Unauthorized Record Deletion Vulnerability
- CVE-2025-14772HIGHABB T-MAC Plus Authorization Bypass (CVSS 8.8)
- CVE-2025-26418HIGHAndroid CarDevicePolicyService Privilege Escalation (CVSS 7.8)
- CVE-2025-53345HIGHThimPress Thim Core Missing Authorization Leads to Code Execution
- CVE-2026-10737HIGHWordPress SP Project & Document Manager Unauthenticated File Access Vulnerability
- CVE-2026-31942HIGHLibreChat IDOR Vulnerability Allows Unauthorized API Key Manipulation
- CVE-2026-32905HIGHOpenClaw Device-Pair Authorization Bypass (CVSS 8.3)