Skip to content
Verified reproduction

CVE-2026-58169: Vibe-Trading DNS rebinding authentication bypass leading to RCE

CVE-2026-58169 is verified against the affected target vulnerability class: RCE This high reproduction includes runnable sandbox proof, artifacts, and a plain-text agent view under REPRO-2026-00254.

REPRO-2026-00254 RCE Variant found Jul 6, 2026 .txt
Severity HIGH
Confidence HIGH
Reproduced in 18m 8s
Tool calls 239
Spend $3.88
$ pruva-verify REPRO-2026-00254
or curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00254/artifacts/bundle/repro/reproduction_steps.sh && chmod +x reproduction_steps.sh && ./reproduction_steps.sh
Run in a VM or disposable container. This exploits a real vulnerability.
02 · The vulnerability

Vibe-Trading before 0.1.10 contains a DNS rebinding authentication bypass vulnerability. An unauthenticated attacker can use DNS rebinding to bypass authentication and then trigger remote code execution. Reproduce: run Vibe-Trading <0.1.10, configure a DNS rebinding setup that targets the application, send requests that bypass the authentication check, and then invoke the code-execution primitive.

03 · Root cause
Variant analysis
04 · Reproduction transcript

The agent's step-by-step process — every tool call, every handoff, the moment the exploit fired. Phases: support triages the advisory · repro reproduces it · vuln_variant confirms the fix blocks it · judge verifies.

Loading session...

05 · Artifacts

Scripts, logs, diffs, and output captured during the reproduction.

bundle/artifact_promotion_manifest.json17.9 KB
bundle/vuln_variant/source_identity.json1.5 KB
bundle/vuln_variant/root_cause_equivalence.json3.0 KB
bundle/logs/vuln_rce_proof.txt0.0 KB
bundle/logs/vuln_trace.jsonl1.0 KB
bundle/logs/dns_rebind_proof.txt0.0 KB
bundle/repro/reproduction_steps.sh15.7 KB
bundle/repro/rca_report.md12.0 KB
bundle/repro/validation_verdict.json1.0 KB
bundle/repro/runtime_manifest.json1.2 KB
bundle/logs/fixed_create_session.txt0.0 KB
bundle/logs/vuln_create_session.txt0.2 KB
bundle/logs/reproduction_steps.log3.1 KB
bundle/logs/vuln_send_message.txt0.1 KB
bundle/logs/vuln_session_messages.json0.5 KB
bundle/logs/vuln_settings_write.txt0.2 KB
bundle/logs/fixed_normal_loopback.txt0.2 KB
bundle/logs/fixed_settings_write.txt0.0 KB
bundle/logs/api_server_vulnerable.log1.1 KB
bundle/logs/api_server_fixed.log0.8 KB
bundle/logs/mock_llm_server.log0.1 KB
bundle/logs/dns_rebind_server.log0.1 KB
bundle/vuln_variant/reproduction_steps.sh14.4 KB
bundle/logs/vuln_variant/fixed_optedin_ts_rce_proof.txt0.0 KB
bundle/logs/vuln_variant/fixed_default_host_testserver.txt0.2 KB
bundle/logs/vuln_variant/fixed_default_host_rebind.attacker.test.txt0.1 KB
bundle/logs/vuln_variant/variant_steps.log2.9 KB
bundle/vuln_variant/variant_manifest.json4.4 KB
bundle/vuln_variant/validation_verdict.json3.6 KB
bundle/vuln_variant/patch_analysis.md11.2 KB
bundle/vuln_variant/rca_report.md14.3 KB
bundle/vuln_variant/runtime_manifest.json3.6 KB
bundle/logs/vuln_variant/vuln_host_rebind.attacker.test.txt0.2 KB
bundle/logs/vuln_variant/vuln_host_testserver.txt0.2 KB
bundle/logs/vuln_variant/vuln_host_localhost.txt0.2 KB
bundle/logs/vuln_variant/vuln_rce_proof.txt0.0 KB
bundle/logs/vuln_variant/fixed_default_host_localhost.txt0.2 KB
bundle/logs/vuln_variant/fixed_default_ts_msg.txt0.1 KB
bundle/logs/vuln_variant/fixed_optedin_host_rebind.attacker.test.txt0.1 KB
bundle/logs/vuln_variant/fixed_optedin_host_testserver.txt0.2 KB
bundle/logs/vuln_variant/fixed_optedin_ts_msg.txt0.1 KB
bundle/logs/vuln_variant/fixed_optedin_ts_state.json0.0 KB
bundle/logs/vuln_variant/fixed_optedin_ts_req.json0.1 KB
bundle/logs/vuln_variant/api_server_vuln.log1.1 KB
bundle/logs/vuln_variant/api_server_fixed-default.log2.5 KB
bundle/logs/vuln_variant/api_server_fixed-optedin.log2.5 KB
bundle/logs/vuln_variant/mock_llm_server.log0.0 KB