Advisories for Pypi/Aegra-Api package

2026

Aegra has cross-user run injection in /threads/{thread_id}/runs (IDOR)

Aegra deployments running 0.9.0 through 0.9.6 with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated user (User A), given another user's thread_id (User B), can:

- Execute graph runs against User B's thread via POST /threads/{thread_id}/runs, POST /threads/{thread_id}/runs/stream, or POST /threads/{thread_id}/runs/wait
- Read User B's full checkpoint state via the resulting run's output field
- Inject arbitrary messages into User B's conversation history (persisted in B's …