Xalgorix AI Tool Vulnerability Exposes Sensitive Data
Key Takeaways A critical vulnerability (CVE-2024-XXXXX, awaiting official assignment) has been identified in the Xalgorix AI penetration testing platform. The flaw affects Xalgorix versions 0.0.1...
Key Takeaways
- A critical vulnerability (CVE-2024-XXXXX, awaiting official assignment) has been identified in the Xalgorix AI penetration testing platform.
- The flaw affects Xalgorix versions 0.0.1 through 0.0.3 and could lead to unauthorized exposure of sensitive data.
- The vulnerability is rated with a CVSS score of 9.8 (Critical).
- The issue stems from insufficient access control within the local Web UI, allowing unauthenticated users to access sensitive files.
- Users are urged to update to Xalgorix version 0.0.4 or later immediately to mitigate the risk.
Critical Vulnerability Exposes Sensitive Data in Xalgorix AI Pentesting Tool
A significant security flaw has been discovered in Xalgorix, an open-source, self-hosted AI-powered penetration testing platform. This vulnerability, tracked as CVE-2024-XXXXX (pending official assignment) and rated with a critical CVSS score of 9.8, could allow unauthenticated attackers to access sensitive data, including API keys and target information, from affected systems.
Table Of Content
Xalgorix is designed to autonomously identify and verify vulnerabilities using a large language model (LLM) agent coupled with an independent exploit verification layer. This “detect, then prove” methodology aims to provide security teams with confirmed findings and working proof-of-concept evidence, rather than a backlog of potential issues. The platform’s comprehensive 22-phase testing methodology mirrors human penetration testing workflows, covering everything from reconnaissance to exploit verification and final reporting.
The Vulnerability: Unauthenticated Access to Sensitive Files
The core of the newly identified vulnerability lies within the platform’s local Web UI, which typically runs on port 9137. Researchers found that insufficient access control mechanisms within this interface allowed unauthenticated users to download files from arbitrary paths on the host system. This includes critical files such as API keys, scan data, and target configurations, which Xalgorix explicitly states remain within the user’s infrastructure.
Specifically, the flaw impacts Xalgorix versions 0.0.1, 0.0.2, and 0.0.3. The potential for data exposure is severe, as an attacker gaining access to these files could compromise ongoing penetration tests, sensitive target information, and potentially other systems on the network.
Xalgorix: An Overview of the AI Pentesting Platform
Built using Go and TypeScript, Xalgorix offers a self-contained binary or Docker image, bundling an extensive suite of offensive security tools like nmap, nuclei, and sqlmap. Its “bring-your-own-LLM” model supports integration with various AI providers, including OpenAI, Anthropic, and Gemini, ensuring that sensitive data never leaves the user’s infrastructure. The platform’s local Web UI provides real-time telemetry of tool calls, agent reasoning, and findings.
Beyond traditional web application pentesting, Xalgorix supports wildcard and multi-target scans for red team operations and a source-code scanning mode. A unique “provision” mode allows for building and testing applications locally before deployment, providing verified exploit results even for unreleased code. The platform generates branded PDF reports with CVSS scoring, proof-of-concept evidence, and remediation guidance, with integrations for continuous monitoring via Discord, Telegram, and AgentMail.
The project, which is fully open source and available on GitHub, has garnered attention for its innovative verification-first approach in the rapidly evolving field of AI-driven pentesting agents. Its emphasis on independent exploit verification and completely self-hosted operation differentiates it from many open-source scanners and commercial DAST platforms.
What You Should Do
- Update Immediately: All users running Xalgorix versions 0.0.1, 0.0.2, or 0.0.3 must update to version 0.0.4 or later without delay.
- Review Logs: Check system and application logs for any signs of unauthorized access to the Xalgorix Web UI (typically port 9137) or unusual file access patterns.
- Network Segmentation: Ensure that the Xalgorix instance and its Web UI are properly isolated within a trusted network segment and not directly exposed to the internet.
- Access Control: Implement robust network access controls (e.g., firewalls) to restrict access to the Xalgorix Web UI to only authorized administrators and necessary systems.
- Credential Rotation: As a precautionary measure, consider rotating any API keys or credentials configured within Xalgorix if there is any suspicion of compromise.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.