CVE-2026-6662 Overview
A vulnerability was found in ericc-ch copilot-api up to version 0.7.0. The impacted element is the function cors of the file src/server.ts of the component Token Endpoint. Performing a manipulation results in permissive cross-domain policy with untrusted domains (CWE-346: Origin Validation Error). It is possible to initiate the attack remotely. The exploit has been made public and could be used.
Critical Impact
This vulnerability allows remote attackers to bypass cross-origin restrictions, potentially enabling unauthorized access to sensitive API endpoints and user data through malicious web domains.
Affected Products
- ericc-ch copilot-api up to version 0.7.0
- Applications utilizing the vulnerable Token Endpoint component
- Systems exposing the src/server.ts CORS configuration
Discovery Timeline
- 2026-04-20 - CVE-2026-6662 published to NVD
- 2026-04-22 - Last updated in NVD database
Technical Details for CVE-2026-6662
Vulnerability Analysis
This vulnerability stems from an Origin Validation Error (CWE-346) in the copilot-api package. The CORS (Cross-Origin Resource Sharing) implementation within the src/server.ts file fails to properly validate the origin of incoming requests to the Token Endpoint. This permissive configuration allows untrusted domains to interact with the API, bypassing the browser's same-origin policy protections.
When an application implements CORS incorrectly—such as by accepting all origins or failing to maintain a strict allowlist—it opens the door for cross-site request forgery and data theft scenarios. In this case, the vulnerable cors function does not adequately restrict which domains can access the Token Endpoint, allowing malicious websites to make authenticated requests on behalf of unsuspecting users.
Root Cause
The root cause of this vulnerability lies in the misconfigured CORS policy within the cors function in src/server.ts. The implementation likely uses overly permissive settings such as allowing all origins (*) or dynamically reflecting the Origin header without proper validation. This configuration error permits any external domain to make cross-origin requests to the Token Endpoint, effectively negating the security benefits of the same-origin policy.
Attack Vector
The attack can be initiated remotely over the network. An attacker would craft a malicious webpage that makes cross-origin requests to the vulnerable copilot-api Token Endpoint. When a victim visits the attacker's webpage while authenticated to the legitimate application, the browser includes the victim's credentials (cookies, tokens) in the request. Due to the permissive CORS policy, the malicious origin is allowed to read the response, potentially exposing sensitive tokens or enabling unauthorized actions.
The vulnerability mechanism involves the following exploitation pattern: The attacker hosts a malicious website containing JavaScript that makes fetch or XMLHttpRequest calls to the target Token Endpoint. The vulnerable CORS configuration returns an Access-Control-Allow-Origin header that permits the attacker's origin, allowing the browser to expose the response data to the attacker's script. For detailed technical analysis, see the GitHub CVE Issue Discussion and VulDB Vulnerability #358300.
Detection Methods for CVE-2026-6662
Indicators of Compromise
- Unusual cross-origin requests to the Token Endpoint from unexpected or untrusted domains
- Web server logs showing requests with suspicious Origin headers that receive successful responses
- Anomalous token generation or authentication activity from external referrers
- Evidence of data exfiltration through browser-based attacks targeting authenticated users
Detection Strategies
- Monitor HTTP response headers for overly permissive Access-Control-Allow-Origin values such as * or dynamically reflected origins
- Implement web application firewall (WAF) rules to flag requests from untrusted origins attempting to access sensitive endpoints
- Review application logs for cross-origin requests to the /token endpoint from domains not in the expected allowlist
- Deploy SentinelOne Singularity to detect suspicious API access patterns and anomalous authentication flows
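To make the first detection strategy concrete, the following added example (not copilot-api code) classifies a response from your own deployment's Token Endpoint as wildcard, reflected, allowlisted, or none, given the Origin that was sent and the expected allowlist. The header values are constructed sample data.

```typescript
// Added example: classify a CORS response for the permissive patterns the
// advisory describes. Header names are matched case-insensitively.
type HeaderMap = Record<string, string | undefined>;

export type CorsVerdict = "none" | "allowlisted" | "wildcard" | "reflected";

export interface CorsFinding {
  verdict: CorsVerdict;
  withCredentials: boolean;
  risky: boolean;
}

export function classifyCors(
  sentOrigin: string,
  responseHeaders: HeaderMap,
  allowlist: string[],
): CorsFinding {
  // Normalise header keys so "Access-Control-Allow-Origin" and its
  // lower-case form are treated the same.
  const h: HeaderMap = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v;

  const acao = h["access-control-allow-origin"];
  const withCredentials = h["access-control-allow-credentials"] === "true";

  let verdict: CorsVerdict;
  if (acao === undefined) {
    verdict = "none";
  } else if (acao === "*") {
    verdict = "wildcard"; // any site may read the response
  } else if (acao === sentOrigin && !allowlist.includes(sentOrigin)) {
    verdict = "reflected"; // an origin outside the allowlist was echoed back
  } else if (acao === sentOrigin) {
    verdict = "allowlisted";
  } else {
    verdict = "none"; // header present but does not match the requester
  }

  // Both permissive verdicts let an untrusted page read the Token Endpoint's
  // response; the credentials flag records whether cookies would be sent too.
  const risky = verdict === "wildcard" || verdict === "reflected";
  return { verdict, withCredentials, risky };
}
```

Run it against responses captured for a request that carries an Origin not on your allowlist; any "wildcard" or "reflected" verdict on the Token Endpoint indicates the misconfiguration this advisory covers.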
Monitoring Recommendations
- Enable detailed logging for all CORS-related HTTP headers on the Token Endpoint
- Set up alerts for any changes to the CORS configuration in src/server.ts
- Monitor for unusual spikes in token generation requests, especially those originating from unexpected geographic locations or IP ranges
- Implement continuous security scanning to detect CORS misconfigurations in development and production environments
How to Mitigate CVE-2026-6662
Immediate Actions Required
- Upgrade ericc-ch copilot-api to a version newer than 0.7.0 that addresses this vulnerability
- Review and restrict the CORS configuration in src/server.ts to only allow explicitly trusted origins
- Implement a strict allowlist of permitted origins rather than using wildcard or dynamic reflection patterns
- Audit all API endpoints for similar CORS misconfigurations
Patch Information
Users should update to the latest version of copilot-api that addresses this vulnerability. Check the project's release notes and the VulDB Submission #794601 for the latest patch information. For additional context on the vulnerability and remediation guidance, refer to the VulDB CTI for #358300.
Workarounds
- Configure a reverse proxy or API gateway in front of the vulnerable endpoint to enforce strict CORS policies
- Implement server-side origin validation that checks incoming requests against an explicit allowlist before processing
- Use the credentials: false option in CORS configuration if cross-origin requests with credentials are not required
- Deploy a web application firewall (WAF) rule to block cross-origin requests from untrusted domains to the Token Endpoint
If implementing a temporary fix, ensure the CORS middleware is configured with an explicit origin parameter containing only trusted domains. Avoid using origin: true or origin: '*' patterns that allow arbitrary cross-origin access.
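As an added example (not copilot-api's own src/server.ts), the reflecting pattern the advisory warns about is shown next to an exact-match allowlist, both shaped as an origin callback of the kind CORS middleware such as Hono's cors() accepts; the callback signature (request Origin in, allowed origin or null out) and the origins used are assumptions.

```typescript
// Added example: an `origin` callback that returns the origin to place in
// Access-Control-Allow-Origin, or null to send no such header.
export type OriginCallback = (requestOrigin: string) => string | null;

// Vulnerable pattern: whatever Origin the browser sends is echoed back, so
// every site is trusted. Shown only for contrast with the fix below.
export const reflectingOrigin: OriginCallback = (requestOrigin) => requestOrigin;

// Hardened pattern: explicit allowlist compared as a full scheme://host[:port]
// tuple after canonicalisation, never as a prefix or suffix.
export function allowlistOrigin(trusted: string[]): OriginCallback {
  // Canonicalise once (lower-case host, default port dropped, path removed).
  const allowed = new Set(trusted.map((t) => new URL(t).origin));
  return (requestOrigin) => {
    // Browsers send the literal string "null" for opaque origins; reject it.
    if (!requestOrigin || requestOrigin === "null") return null;
    let canonical: string;
    try {
      canonical = new URL(requestOrigin).origin;
    } catch {
      return null; // not a well-formed origin at all
    }
    // Exact set membership: https://app.example.attacker.test does not match
    // https://app.example, and neither does a different port.
    return allowed.has(canonical) ? canonical : null;
  };
}
```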
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.