Vulnerabilities ›

CVE-2026-5585

Medium

CWE-200 — Weakness Type

                    Published: Apr 5, 2026                      ·  Modified: Apr 8, 2026                      ·  Source: NVD                

CVSS v3

5.3

🔗 NVD Official

📄 Description (English)

A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected element is an unknown function of the file common/websocket/task_manager.go of the component Task Detail Endpoint. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

🤖 AI Executive Summary

Tencent AI-Infra-Guard 4.0 contains an information disclosure vulnerability in the Task Detail Endpoint that allows remote attackers to access sensitive data through manipulation of the task_manager.go component. The vulnerability has been publicly disclosed with no vendor response, increasing exploitation risk for organizations using this software.

📄 Description (Arabic)

تحتوي نسخة 4.0 من Tencent AI-Infra-Guard على ثغرة في مكون Task Detail Endpoint تسمح بالوصول غير المصرح إلى المعلومات الحساسة. يمكن استغلال الثغرة عن بعد دون الحاجة إلى مصادقة، مما يشكل خطراً على سرية البيانات. تم الكشف عن الثغرة علناً ولم يستجب البائع لطلبات الإفصاح المسؤول.

🤖 ملخص تنفيذي (AI)

تم اكتشاف ثغرة في Tencent AI-Infra-Guard 4.0 تسمح بالكشف عن المعلومات الحساسة عبر نقطة نهاية Task Detail. يمكن للمهاجمين البعيدين استغلال هذه الثغرة من خلال التلاعب بمكون task_manager.go دون الحاجة إلى بيانات اعتماد.

🤖 AI Intelligence Analysis Analyzed: May 29, 2026 15:03

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

telecom energy government healthcare

🎯 MITRE ATT&CK Techniques

T1040 T1041 T1005

⚖️ Saudi Risk Score (AI)

6.0

/ 10.0

🔧 Remediation Steps (English)

Immediately update Tencent AI-Infra-Guard to the latest patched version if available. If no patch exists, implement network segmentation to restrict access to the Task Detail Endpoint, disable the affected component if not critical, monitor for suspicious access patterns, and consider alternative solutions until a security update is released.

🔧 خطوات المعالجة (العربية)

قم بتحديث Tencent AI-Infra-Guard إلى أحدث إصدار معدل فوراً. إذا لم يتوفر تصحيح، قم بتقسيم الشبكة لتقييد الوصول إلى نقطة النهاية، وعطل المكون المتأثر إذا لم يكن حرجاً، وراقب أنماط الوصول المريبة، وفكر في حلول بديلة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC-1.1 ECC-2.2 ECC-3.1

🔵 SAMA CSF

ID.RA-1 PR.AC-1 PR.DS-1

🟡 ISO 27001:2022

A.5.1.1 A.6.1.1 A.13.1.1

🔗 References & Sources 4

🔗

https://gist.github.com/YLChen-007/fe4b834144ad535d167507c2008d4011

cna@vuldb.com

🔗

https://vuldb.com/submit/784198

cna@vuldb.com

🔗

https://vuldb.com/vuln/355384

cna@vuldb.com

🔗

https://vuldb.com/vuln/355384/cti

cna@vuldb.com

📊 CVSS Score

5.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score5.3

CWECWE-200

EPSS0.03%

Exploit No

Patch ✗ No

Published 2026-04-05

Source Feed nvd

🇸🇦 Saudi Risk Score

6.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-200

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-5585

💬 Comments

Introduce Yourself

Sign In Required