MEDIUM 5.3

CVE-2026-46544: Microsoft UFO Session Reuse Information Disclosure Vulnerability

Microsoft's UFO framework for intelligent automation has a session reuse vulnerability affecting version 3.0.1-4-ge2626659. When a client completes a task, the session remains in memory with its results. An authenticated attacker who knows a past session ID can submit a new task request reusing that ID, causing the server to return stale results from the previous session to the new requester. This is not a critical vulnerability but poses a confidentiality risk—the attacker must be authenticated and must guess or know a valid session ID, limiting real-world exploitability.

Source data · NVD / CISA · public domain

CVSS
3.1 · 5.3 MEDIUM · CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Weaknesses (CWE)
CWE-639
Affected products
0 configuration(s)
Published / Modified
2026-05-27 / 2026-06-17

NVD description (verbatim)

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO accepts client-supplied session_id values in WebSocket task messages and reuses an existing in-memory session object if that session_id already exists. If a prior session has completed and remains in memory with populated results, a different authenticated client can send a new TASK message using the same session_id. The server re-enters the existing session object and sends the stale stored result to the new requester through the normal send_task_end() callback path. This is an authenticated cross-client stale result replay issue. The issue requires that the attacker knows or can predict a live or recently completed session_id.

2 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

CVE-2026-46544 stems from improper session object lifecycle management in Microsoft UFO. The framework accepts client-supplied session_id values in WebSocket TASK messages and maintains completed session objects in memory indefinitely. When a new TASK message arrives with a session_id matching a prior completed session, the server reuses that in-memory object and invokes send_task_end() with the original (stale) results. The vulnerability requires authentication—the attacker must hold valid credentials—and knowledge or prediction of an existing session_id. The affected version is 3.0.1-4-ge2626659.

Business impact

Exploiting this vulnerability allows an authenticated user to retrieve task results and sensitive data generated by other users' completed sessions, violating data confidentiality and user privacy. In multi-tenant or multi-user deployments, this could expose automation results containing API responses, file contents, or configuration data meant only for the original session owner. While the attacker cannot modify data or cause denial of service, the unauthorized information disclosure poses compliance and reputational risk, particularly in regulated environments handling user or customer data.

Affected systems

Microsoft UFO version 3.0.1-4-ge2626659 is directly affected. This is an open-source intelligent automation framework. Organizations running this specific version of UFO in production environments, especially those using WebSocket-based task submission with multi-user or multi-client scenarios, should assess their exposure. Verify your deployed version against the vendor advisory and release notes.

Exploitability

Exploitability is constrained by multiple prerequisites. The attacker must (1) hold valid authentication credentials to interact with the UFO service, (2) know or be able to predict a session_id from a completed session (which may be guessable or obtained via side-channel methods), and (3) have network access to the WebSocket endpoint. While authenticated attacks are generally more feasible within organizational networks, the session_id prediction requirement introduces uncertainty. The CVSS score of 5.3 (MEDIUM) reflects these barriers; this is not a trivial remote unauthenticated exploit.

Remediation

Upgrade to a patched version of Microsoft UFO that properly clears or invalidates session objects upon completion. Verify the specific patch version from Microsoft's advisory and release notes. In the interim, consider restricting WebSocket access to trusted networks, implementing session_id randomization to reduce predictability, or deploying a session management layer that aggressively expires completed sessions. Review logs for evidence of session_id reuse patterns that may indicate exploitation attempts.

Patch guidance

Check Microsoft's UFO repository and security advisories for the patched version released after 3.0.1-4-ge2626659. Apply the update to all systems running UFO. If UFO is embedded or vendored in another application, coordinate with your vendor for a full stack patch. Test the patched version in a staging environment before production deployment to ensure no regression in automation workflows.

Detection guidance

Monitor WebSocket traffic for TASK messages containing session_id values that correspond to recently completed or aged sessions. Log all session_id submissions and cross-reference them against the active session registry; repeated submissions of completed session_ids from different authenticated clients warrant investigation. Implement alerts on anomalous session_id patterns, such as sequential or guessed IDs. Check application logs for unexpected send_task_end() callbacks triggered by non-owner clients.

Why prioritize this

Although rated MEDIUM severity, prioritization depends on your deployment model. If UFO runs in a single-user or isolated environment with tight access controls, the risk is lower. If UFO powers multi-user automation services or integrates with customer-facing systems, prioritize patching to prevent data leakage. The requirement for authentication and session_id knowledge prevents this from being an immediate critical threat, but it should not be indefinitely deferred given the confidentiality impact.

Risk score, explained

The CVSS 3.1 score of 5.3 reflects a network-accessible vulnerability with low attack complexity (knowledge of session_id is required but feasible) requiring authenticated access. Confidentiality impact is rated HIGH because stale results may contain sensitive data; integrity and availability are unaffected. The score appropriately places this as MEDIUM—more serious than a low-impact flaw but below the threshold of critical exploits that require no authentication or cause widespread disruption.

Frequently asked questions

How would an attacker obtain or predict a valid session_id?

Session IDs may be predictable if they follow a simple numeric or sequential pattern, or if they are exposed through side-channel methods (error messages, logs, timing analysis). In some deployments, an attacker with access to past logs or network traffic might recover valid IDs. The vulnerability's exploitability hinges on this; truly random, high-entropy session IDs make guessing infeasible.

Does this vulnerability allow code execution or data modification?

No. CVE-2026-46544 is limited to unauthorized information disclosure. An attacker cannot inject commands, modify stored data, or cause a denial of service. The risk is confidentiality; the attacker receives stale results but cannot alter system state.

Do I need to patch immediately if I run UFO in isolation with few users?

If your UFO instance is isolated, single-user, or accessible only to highly trusted personnel behind a firewall, the practical risk is reduced but not eliminated. However, patching is still recommended as best practice. Multi-user or internet-facing deployments should prioritize patching sooner.

Can this vulnerability be exploited without authentication?

No. The vulnerability explicitly requires valid authentication credentials. Unauthenticated attackers cannot trigger the vulnerable code path. However, account compromise or shared credentials in multi-user environments reduce the barrier to exploitation.

This analysis is based on the CVE record and vendor data available as of the publication date. SEC.co makes no warranty regarding exploit availability, real-world incident reports, or the completeness of patch information. Organizations should verify all patch versions and deployment recommendations against official Microsoft UFO advisories and release notes. This vulnerability intelligence is provided for security professionals to inform risk management and patching decisions; it is not a substitute for vendor guidance or internal security review. Proof-of-concept code or exploit techniques are not provided herein. Source: NVD (public-domain), retrieved 2026-07-06. Analysis generated by SEC.co (claude-haiku-4-5).