CVE-2026-46538: Microsoft UFO Cross-Device Task Result Injection (CVSS 5.9)
Microsoft UFO is an open-source automation framework that lets multiple devices work together on tasks. In version 3.0.1-4-ge2626659, it has a flaw where one authenticated device can trick another device by sending a fake task completion message. When Device A receives a task from the coordinator, the system should only accept a completion message from Device A itself. Instead, the system accepts completion messages from any authenticated device as long as they use the same task ID. An attacker with legitimate access to the network can exploit this to inject false results into another device's task, potentially disrupting automated workflows.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 5.9 MEDIUM · CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
- Weaknesses (CWE)
- CWE-294, CWE-345
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-05-27 / 2026-06-17
NVD description (verbatim)
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by session_id only and does not verify that a TASK_END message came from the device that originally received the task. When the constellation sends a task to a target device, it records a pending Future under a session key. The pending task record stores the expected device ID, but the completion path ignores that binding. If another authenticated peer device sends a forged TASK_END with the same session_id, the constellation accepts the response and completes the victim device's pending Future with attacker-controlled result data. This is an authenticated cross-device task-result injection issue.
2 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
The vulnerability stems from insufficient validation in the constellation client's task completion handling. When a task is dispatched to a target device, the constellation stores a pending Future object indexed by session_id and internally tracks the expected device_id. However, the message completion path (TASK_END handler) only validates the session_id without cross-referencing the originating device against the stored device_id binding. This allows any authenticated peer device to forge a TASK_END message with a matching session_id and have its result data accepted and injected into the victim device's pending Future. The flaw affects CWE-294 (authentication bypass) and CWE-345 (insufficient verification of data authenticity), enabling authenticated cross-device result injection.
Business impact
Organizations relying on Microsoft UFO for orchestrating distributed automation tasks face a risk of task result manipulation. An internal threat actor or compromised peer device could alter task outcomes, leading to incorrect automation decisions, data corruption, or divergent state across the automation fabric. In supply-chain or multi-tenant scenarios, this could enable lateral privilege escalation or data exfiltration by injecting malicious results into privileged automation workflows. The impact is amplified in environments where UFO coordinates critical operations without downstream validation of results.
Affected systems
Microsoft UFO open-source framework version 3.0.1-4-ge2626659 is affected. The vulnerability requires an authenticated peer device within the constellation network, indicating impact is limited to deployments where multiple devices are coordinated through a shared constellation service. Users of earlier or later versions should verify their specific build against the affected commit hash and consult the Microsoft UFO project repository for patched releases.
Exploitability
Exploitation requires an authenticated peer device already connected to the constellation network, making the attack vector network-based but gated by authentication (CVSS PR:L). The attack has medium complexity due to the need to predict or observe the session_id of a target task and synchronize the forged TASK_END message timing. However, once these preconditions are met, injection is reliable and does not require user interaction. The threat is most acute in multi-tenant or loosely-federated constellation deployments where many peers have authentication credentials.
Remediation
The fix requires modification of the TASK_END message handler to validate that the device sending the completion message matches the device_id stored when the task was originally dispatched. This should be enforced as a mandatory check before accepting the result and resolving the pending Future. Additionally, consider implementing message signing or cryptographic binding of task responses to originating devices to prevent session_id reuse attacks. Apply patched versions of Microsoft UFO beyond the affected commit hash; verify the patch in the official Microsoft UFO repository or release notes.
Patch guidance
Check the Microsoft UFO project repository for releases or commits after 3.0.1-4-ge2626659. Update to the latest stable release that includes the device_id validation fix. If you are building from source, pull the latest main branch or a tagged release and rebuild. Test the updated constellation client in a non-production environment to verify that task routing and completion still function correctly across your device fleet before deploying to production.
Detection guidance
Monitor constellation logs for TASK_END messages where the sending device_id does not match the originally assigned target device for a given session_id. Implement alerting on mismatches, as they indicate potential injection attempts. Log all authentication credentials used to connect to the constellation and correlate them with unexpected TASK_END sources. Network-level detection can identify unusual task completion patterns by analyzing task dispatch and completion timelines; tasks completed by devices other than the assignee warrant investigation.
Why prioritize this
While the CVSS score of 5.9 (MEDIUM) reflects the requirement for prior authentication, the attack directly compromises task integrity in automated systems. Organizations running multi-device UFO constellations should prioritize this if peers have different trust levels or if task results feed into security-sensitive decisions. The vulnerability is not in CISA KEV, so it does not carry an active exploitation deadline, but the flaw is straightforward to exploit by insiders or compromised peers and warrants timely remediation to prevent subtle automation failures or lateral movement.
Risk score, explained
The CVSS 3.1 score of 5.9 (MEDIUM) reflects: (AV:N) network reachability via constellation protocol, (AC:H) high complexity due to session_id prediction and timing, (PR:L) requirement for an authenticated peer, (UI:N) no user interaction needed, (S:U) impact confined to the target device's task context, (C:N) no confidentiality breach, (I:H) high integrity impact via result injection, (A:L) low availability impact via potential task failures. The score appropriately penalizes the authentication prerequisite while recognizing the direct integrity threat to automated workflows.
Frequently asked questions
Can this vulnerability be exploited without authentication?
No. The attacker must already be an authenticated peer device connected to the constellation network. This limits the threat to insider risks or scenarios where a peer device has been compromised.
What versions of Microsoft UFO are affected?
Version 3.0.1-4-ge2626659 is documented as affected. Verify your exact build against the commit hash in the Microsoft UFO repository and consult the project's release notes or advisory for definitive patch boundaries.
How can we detect if this vulnerability has been exploited in our environment?
Search constellation logs for TASK_END messages received from a device different than the one originally assigned the task (device_id mismatch). Unexpected task completion sources or anomalous task results are indicators of exploitation.
Is there a workaround if we cannot patch immediately?
Implement strict device authentication and authorization at the network level to restrict which peers can join the constellation. Monitor and log all device connections and task completions. Consider segmenting your constellation to reduce the number of authenticated peers that could potentially inject results.
This analysis is provided for informational purposes and based on the published CVE record and source data available as of the publication date. SEC.co makes no warranties regarding the completeness or accuracy of this information. Organizations must verify patch versions and affected product configurations against official vendor advisories and their own deployment documentation. Do not rely solely on this summary for security decisions; consult Microsoft UFO's official repository and release notes. Exploitation requires authenticated access; assess your constellation's peer authentication policies accordingly. Source: NVD (public-domain), retrieved 2026-07-06. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-47696MEDIUMWWBN AVideo AuthorizeNet Payment Bypass—Wallet Fraud Vulnerability
- CVE-2022-4992HIGHDräger Infinity M540 Patient Monitor Network Message Vulnerability
- CVE-2026-41577HIGHAuthentik SAML Assertion Validation Bypass (CWE-345)
- CVE-2026-47123HIGHFreeScout Email Spoofing Vulnerability – High-Severity Patch Available
- CVE-2018-25384MEDIUMStored XSS in Wikidforum 2.20 Allows Authenticated Attackers to Inject Malicious Scripts
- CVE-2018-25387MEDIUMHaPe PKH 1.1 Cross-Site Request Forgery (CSRF) Admin Password Reset
- CVE-2018-25393MEDIUMNavigate CMS 2.8.5 Path Traversal Vulnerability (CVSS 6.5)
- CVE-2018-25397MEDIUMCSRF Vulnerability in PHP-SHOP 1.0 – Admin Account Injection