Inkeep Agents Authentication Bypass Vulnerability in RunAuth Middleware Allowing Tenant Takeover

An authentication bypass vulnerability has been identified in Inkeep Agents version 0.58.14. This issue resides within the runAuth middleware, specifically in the createDevContext function. The vulnerability allows unauthenticated attackers to bypass authentication by injecting custom x-inkeep-* headers, enabling them to impersonate any tenant, project, or agent. This exploitation can lead to unauthorized data access, privilege escalation, and excessive consumption of backend API resources, particularly those linked to LLM providers like OpenAI or Anthropic.

Impact

Exploitation of this vulnerability allows for unauthenticated access to protected resources, impersonation of tenants and projects, and unauthorized consumption of API resources, which could result in billing fraud.

Reproduction

To reproduce this vulnerability, ensure the Inkeep Agents application is running in a development or test environment. Identify a protected endpoint that requires authentication, such as one of the run/agents/{agent_id}/chat endpoints. Then, send an unauthenticated POST request to the endpoint, including the target tenant, project, and agent IDs in the x-inkeep-* headers. The request will be processed as if it came from the specified tenant, bypassing authentication entirely.

Remediation

Users are advised to avoid deploying Inkeep Agents in development or test modes on public-facing servers. If such a deployment is necessary, ensure that appropriate safeguards are in place to prevent unauthorized access.