AGL App-Framework-Binder Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in the AGL app-framework-binder component, specifically in versions through v19.90.0. The issue arises in the supervision Do command, where the on_supervision_call function nullifies request credentials before executing an API call controlled by the attacker. This allows the execution of any registered API with a NULL credential context, potentially bypassing authorization mechanisms and escalating privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation within the AGL app-framework-binder environment.

Added: May 1, 2026, 5:30 PM

Updated: May 1, 2026, 5:30 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

4.8

remediation

0.0

relevance

7.2

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

4.8

remediation

0.0

relevance

7.2

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

AGL App-Framework-Binder Privilege Escalation Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating