While working in DeepResearchAgent project dependencies, I found that the application uses streamlit, which is affected by an unauthenticated SSRF vulnerability (CVE-2026-33682). The issue occurs due to improper validation of filesystem paths, where malicious UNC paths can trigger outbound SMB requests. This may lead to NTLM credential exposure on Windows systems without requiring authentication.
CVE Report
CVE Link
While working in DeepResearchAgent project dependencies, I found that the application uses streamlit, which is affected by an unauthenticated SSRF vulnerability (CVE-2026-33682). The issue occurs due to improper validation of filesystem paths, where malicious UNC paths can trigger outbound SMB requests. This may lead to NTLM credential exposure on Windows systems without requiring authentication.
CVE Report
CVE Link