


Perceptive Security
SOC/SIEM Consultancy

A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the function tool_call of the file apps/experimental/tools_webhook/…
Published: 19 April 2026 at 22:00:00
Alert date: 20 April 2026 at 13:00:48
Source: nvd.nist.gov
Web Technologies, Enterprise Applications
A security vulnerability (CVE-2026-6635) has been identified in rowboatlabs rowboat up to version 0.1.67. The vulnerability affects the tool_call function in apps/experimental/tools_webhook/app.py within the tools_webhook component. Attackers can manipulate the X-Tools-JWE argument to bypass authentication mechanisms. The attack can be performed remotely and the exploit has been publicly disclosed. The vendor was contacted about this disclosure but has not responded.
Technical details
Affected products: rowboatlabs rowboat
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-6635
https://github.com/Dave-gilmore-aus/security-advisories/blob/main/rowbat-advisory
https://vuldb.com/submit/793433
https://vuldb.com/vuln/358269
https://vuldb.com/vuln/358269/cti
This article was created with the assistance of AI technology by Perceptive.
