Skip to content

[security] brain.feedback accepts unverified target_id (state pollution) #396

Open
Open
[security] brain.feedback accepts unverified target_id (state pollution)#396
Labels
adr-alignmentADR v1 series alignment workfollow-upDeferred from another PR
@ohdearquant

Description

@ohdearquant
ohdearquant
opened on May 25, 2026

Integration codex security review S-3.

brain.feedback accepts any target_id UUID without verifying it resolves in the caller's namespace. Lets any caller pollute BalancedRecallState.

Fix: verify target_id exists in caller's namespace before recording feedback.

Metadata

Metadata

Assignees

No one assigned

    Labels

    adr-alignmentADR v1 series alignment workfollow-upDeferred from another PR

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions