Skip to content

engram: HTTP server CORS wildcard + auth-off-by-default enables CSRF graph exfiltration and persistent indirect prompt injection

High severity GitHub Reviewed Published Apr 18, 2026 in NickCirv/engram • Updated Apr 23, 2026

No closed alerts for this advisory

Give feedback on Dependabot alerts