# SUBMIT Handoff — 2026-02-15

18 draft reports ready for submission on **huntr.com**.

## Priority Queue (submit in this order)

### Critical / High Confidence (submit first)

| # | ID | Program | Title | Sev | Conf | Report |
|---|-----|---------|-------|-----|------|--------|
| 1 | 35 | DB-GPT | RCE via code evaluation on PDF table content | critical | high | `DB-GPT-PDFEvalRCE-2026-02-13.md` |
| 2 | 37 | DB-GPT | Sandbox blocklist bypass, unauthenticated RCE | critical | high | `DBGPT-SandboxBlocklistBypassRCE-2026-02-14.md` |
| 3 | 40 | ComfyUI | Unsafe deserialization via LoadTrainingDataset (RCE) | critical | high | `ComfyUI-TorchLoadRCE-2026-02-13.md` |
| 4 | 45 | SuperAGI | RCE via dynamic code evaluation on LLM output | critical | high | `SuperAGI-EvalRCE-2026-02-13.md` |
| 5 | 6 | LibreChat | Password Reset Token Leaked (Account Takeover) | critical | high | `LibreChat-PasswordResetLinkLeak-2026-02-12.md` |

### High / High Confidence

| # | ID | Program | Title | Sev | Conf | Report |
|---|-----|---------|-------|-----|------|--------|
| 6 | 34 | DB-GPT | Arbitrary SQL Execution via Chart Editor (No Auth) | high | high | `DB-GPT-SQLi-2026-02-13.md` |
| 7 | 52 | ComfyUI | Multi-user header spoofing, cross-user data access | high | high | `ComfyUI-MultiUser-HeaderImpersonation-2026-02-15.md` |
| 8 | 50 | OpenUI | Predictable LiteLLM master key (missing f-string) | high | high | `OpenUI-LiteLLM-MasterKey-2026-02-14.md` |
| 9 | 4 | LibreChat | IDOR via userId Override in User Key Update | high | high | `LibreChat-IDOR-2026-02-12.md` |
| 10 | 14 | RAGFlow | Inverted Authorization Check in web_crawl | high | high | `RAGFlow-AuthBypass-2026-02-12.md` |
| 11 | 16 | RAGFlow | Path Traversal via /parse Endpoint | high | high | `RAGFlow-PathTraversal-2026-02-12.md` |
| 12 | 17 | RAGFlow | SSRF via MCP Server Registration | high | high | `RAGFlow-MCP-SSRF-2026-02-13.md` |
| 13 | 12 | BentoML | PickleSerde RCE on dependency endpoints | high | high | `BentoML-PickleRCE-2026-02-12.md` |
| 14 | 47 | SuperAGI | Path Traversal in file upload | high | high | `SuperAGI-PathTraversal-2026-02-13.md` |

### High / Medium Confidence

| # | ID | Program | Title | Sev | Conf | Report |
|---|-----|---------|-------|-----|------|--------|
| 15 | 36 | DB-GPT | Stored SQLi via get_editor_chart_info | high | medium | `DB-GPT-SQLi-2026-02-13.md` (same file as #34, submit as one) |

### Medium Severity

| # | ID | Program | Title | Sev | Conf | Report |
|---|-----|---------|-------|-----|------|--------|
| 16 | 51 | OpenUI | Unauthenticated share write, XSS + S3 abuse | medium | high | `OpenUI-UnauthShareWrite-2026-02-14.md` |
| 17 | 3 | MLflow | Source Validation Bypass in CreateModelVersion | medium | medium | `MLflow-FileRead-2026-02-12.md` |
| 18 | 19 | RAGFlow | Unauthenticated Image/Storage Access | medium | medium | `RAGFlow-UnauthImageAccess-2026-02-12.md` |

## Investigation Notes

- **#34 + #36** share the same report file. Submit as one report with multiple occurrences (20% bonus per occurrence).
- **#37 DB-GPT Sandbox** upgraded to critical after investigation: multiple bypass vectors confirmed (alternate import syntax, importlib, bash code_type), zero auth on /api/execute.
- **#52 ComfyUI multi-user** — emphasize that --multi-user implements per-user isolation (separate dirs, owner_id checks, system user blocking) demonstrating security intent. Auth layer is simply missing.
- **#50 OpenUI LiteLLM key** — Docker ENTRYPOINT defaults to --litellm. LiteLLM binds 0.0.0.0. Key is always the literal string `sk-{SESSION_KEY}`.
- **#51 OpenUI share** — Three vulns in one: missing auth (CWE-306), stored XSS via HTML (CWE-79), S3 cost abuse (CWE-400).

## Programs Summary

| Program | Reports | Platform |
|---------|---------|----------|
| DB-GPT | 3 (2 files) | huntr |
| ComfyUI | 2 | huntr |
| LibreChat | 2 | huntr |
| RAGFlow | 3 | huntr |
| SuperAGI | 2 | huntr |
| OpenUI | 2 | huntr |
| BentoML | 1 | huntr |
| MLflow | 1 | huntr |

## Workflow

For each report:
1. `python3 scripts/huntr_paste.py reports/<file>.md` to get paste-ready fields
2. Go to huntr.com, New Report, select program
3. Fill form fields from paste output
4. After submission: `python3 scripts/submission.py mark --finding-id N --url "<url>"`