Issue 289: SolarWinds RCE, Supply-Chain API Exposure, SQL Injection, and Identity for APIs in the Age of Agentic AI


This week, we look at how familiar API security failures (authentication bypasses and missing input validation that allows old-school attacks such as SQL injection) continue to surface across enterprise platforms and critical infrastructure.

From exposed supply-chain APIs to identity-layer weaknesses and unauthenticated RCEs, the pattern is clear: basic API controls still break in production.

We also explore the new identity challenges that emerge with API infrastructures being increasingly consumed by agentic AI ecosystems and how evolving identity standards aim to bring stronger, transaction-scoped controls to answer these challenges.

Lastly, yours truly is co-presenting a webinar on the hot topic of securing Agentic AI with Omdia’s Chief Analyst, Rik Turner. I hope to see you there.

 

Vulnerability: SolarWinds Web Help Desk RCE via deserialization

SolarWinds has fixed a critical unauthenticated remote code execution vulnerability in its Web Help Desk (WHD) platform, resulting from insecure deserialization of untrusted data. According to Horizon3.ai’s analysis, the issue stems from the AjaxProxy component, where JSON-RPC request messages are not properly validated against strict schemas before being processed. Because the structure and content of incoming JSON-RPC payloads are not sufficiently constrained, specially crafted requests can reach dangerous deserialization paths and trigger the execution of arbitrary commands without authentication. This flaw, which received a CVSS score of 9.8, has been added to the CISA Known Exploited Vulnerabilities (KEV) catalog and reinforces a persistent lesson for API teams: failures in schema validation at the API boundary often precede full system compromise. SolarWinds has fixed the issue in Web Help Desk 2026.1, and it is strongly recommended that the patch be applied immediately, especially for publicly accessible instances.
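
A minimal sketch of strict request validation at the API boundary, as an added example (not SolarWinds or Horizon3.ai code). The method names and parameter types in `ALLOWED_METHODS` are hypothetical; the validator rejects any JSON-RPC message that is not an allowlisted method with flat, correctly typed parameters.

```python
import json

# Hypothetical allowlist: method name -> expected positional parameter types.
ALLOWED_METHODS = {
    "ticket.get": (int,),
    "ticket.search": (str, int),
}
ENVELOPE_KEYS = {"jsonrpc", "method", "params", "id"}
MAX_BODY_BYTES = 4096


class RejectedRequest(ValueError):
    """Raised when a message fails validation; nothing is dispatched."""


def validate_jsonrpc(raw: bytes) -> tuple:
    """Return (method, params) only for messages matching the strict schema."""
    if len(raw) > MAX_BODY_BYTES:
        raise RejectedRequest("body too large")
    try:
        msg = json.loads(raw)
    except ValueError as exc:
        raise RejectedRequest("not valid JSON") from exc
    if not isinstance(msg, dict) or set(msg) - ENVELOPE_KEYS:
        raise RejectedRequest("unexpected envelope fields")
    method = msg.get("method")
    if not isinstance(method, str) or method not in ALLOWED_METHODS:
        raise RejectedRequest("method not allowlisted")
    params = msg.get("params")
    expected = ALLOWED_METHODS[method]
    if not isinstance(params, list) or len(params) != len(expected):
        raise RejectedRequest("wrong parameter count")
    for value, typ in zip(params, expected):
        # type() rather than isinstance(): bool is a subclass of int, and
        # nested dicts/lists (object graphs) must never reach the handler.
        if type(value) is not typ:
            raise RejectedRequest("wrong parameter type")
    return method, tuple(params)


def is_accepted(raw: bytes) -> bool:
    """Convenience wrapper: True only if the message passes validation."""
    try:
        validate_jsonrpc(raw)
        return True
    except RejectedRequest:
        return False
```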

 

Vulnerability: Keycloak unauthorized access to protected resources through invitation token manipulation

A high-severity authentication and authorization flaw has been disclosed in Keycloak, the widely used open-source identity and access management platform that is often found upstream of APIs. The vulnerability stems from incorrect validation of the signature of invitation JWT tokens, allowing an attacker to manipulate the contents of the tokens and self-register in organizations different from the one they had been invited to join. By modifying identity-related fields in a valid invitation token and reusing it, an attacker could bypass intended access controls and gain unauthorized access to protected resources. This issue highlights a recurring weakness in API security: the trust placed in context provided by the client or embedded in the token without strict server-side verification. Keycloak has released patches to address this issue, and users are strongly encouraged to update, as vulnerabilities at the identity layer can have cascading effects on all APIs and services that rely on the platform for authentication and authorization. The GitHub advisory is here.
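
The server-side checks this class of bug calls for, as an added example (not Keycloak's code): an HS256 token is authenticated before any claim is read, and the verified claims are then matched against a stored invitation record. The claim names `inv`, `org` and `email`, the demo key and the `INVITATIONS` store are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-key"  # assumption: symmetric demo key
# Assumption: server-side record of issued invitations, keyed by invitation id.
INVITATIONS = {"inv-1": {"org": "org-a", "email": "alice@example.com"}}


def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mac(head: str, body: str) -> bytes:
    return hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()


def issue(claims: dict) -> str:
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(mac(head, body))}"


def accept_invitation(token: str) -> str:
    """Return the organization to join, or raise ValueError."""
    try:
        head, body, sig = token.split(".")
        # 1. Signature first: no claim is read until the bytes are authentic.
        if not hmac.compare_digest(mac(head, body), b64d(sig)):
            raise ValueError("bad signature")
        # 2. Pin the algorithm; the header never chooses it.
        if json.loads(b64d(head)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        claims = json.loads(b64d(body))
    except (ValueError, AttributeError) as exc:  # malformed or forged input
        raise ValueError(f"invalid token: {exc}") from exc
    # 3. Match the verified claims against the stored invitation.
    record = INVITATIONS.get(claims.get("inv"))
    if record is None or (claims.get("org"), claims.get("email")) != (
            record["org"], record["email"]):
        raise ValueError("token does not match an issued invitation")
    return record["org"]
```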

 

Vulnerability: Bluspark’s Bluvoyix supply chain platform exposed unauthenticated APIs and plaintext credentials

Security researcher Eaton Zveare discovered a set of critical vulnerabilities in Bluspark Global’s Bluvoyix maritime logistics and supply chain platform, which collectively exposed the platform’s APIs and customer data to the internet. The full disclosure is available here: Bluspark Bluvoyix Security Research. The vulnerabilities included unauthenticated API endpoints that returned sensitive data without credentials, exposed API documentation with interactive testing, the ability to create administrator accounts via unauthenticated HTTP POST requests, retrieval of plaintext passwords for all user accounts, and client-side code that could be used for malicious purposes to send phishing emails. Using these weaknesses in combination, an attacker could have viewed, modified, or canceled shipments and accessed decades of customer data from hundreds of companies using Bluvoyix without ever logging in. Zveare’s attempts to notify Bluspark were delayed by the lack of disclosure channels, leading to an escalation through the press before the issues were finally fixed and a vulnerability disclosure program was promised. Incidents like this highlight why unprotected APIs and misconfigured authentication remain systemic risks, particularly in critical infrastructure software, and how the lack of secure API design and disclosure processes can greatly amplify their impact.

 

Vulnerability: Order Up online ordering system — critical unauthenticated SQL injection

Security consultant Subhash Paudel of Spartans Security disclosed several unauthenticated SQL injection vulnerabilities in the Order Up v1.0 online ordering system. The full report is available here: Spartans Security Analysis. The flaws appear in the /api/integrations/getintegrations endpoint, where the store_id parameter of a POST request is integrated into backend SQL queries without proper validation or parameterization on the server side, allowing an unauthenticated attacker to manipulate database logic and retrieve or modify sensitive data. Security testing confirmed the effectiveness of boolean-based and timing-based blind SQL injection techniques, highlighting how easily specially crafted payloads can influence the execution of backend queries, even when no errors are reported. This incident serves as yet another reminder that SQL injection, despite being one of the oldest and most well-known vulnerabilities, remains ubiquitous in API contexts where user input is not rigorously validated and parameterized.
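
The difference between concatenating `store_id` into a query and validating then binding it, as an added example (not Order Up's code). The `integrations` table, its rows and the handler functions are constructed for illustration and run against an in-memory SQLite database.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two stores, one integration secret each."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE integrations (store_id INTEGER, name TEXT, api_key TEXT)")
    db.executemany(
        "INSERT INTO integrations VALUES (?, ?, ?)",
        [(1, "pos", "key-store-1"), (2, "delivery", "key-store-2")],
    )
    return db


def get_integrations_vulnerable(db, store_id: str) -> list:
    # Vulnerable pattern: the request value becomes part of the SQL text,
    # so any SQL syntax inside it is parsed and executed as query logic.
    query = "SELECT name, api_key FROM integrations WHERE store_id = " + store_id
    return db.execute(query).fetchall()


def get_integrations_safe(db, store_id: str) -> list:
    # Validate first: store_id must be a plain decimal integer.
    if not (store_id.isascii() and store_id.isdigit()):
        raise ValueError("store_id must be an integer")
    # Then bind: the driver passes the value separately from the SQL text.
    query = "SELECT name, api_key FROM integrations WHERE store_id = ?"
    return db.execute(query, (int(store_id),)).fetchall()


def demo() -> dict:
    """Run both handlers on the same constructed input and compare."""
    db = make_db()
    crafted = "1 OR 1=1"  # constructed input: a boolean condition, not an id
    result = {"vulnerable_rows": len(get_integrations_vulnerable(db, crafted))}
    try:
        get_integrations_safe(db, crafted)
        result["safe"] = "accepted"
    except ValueError:
        result["safe"] = "rejected"
    return result
```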

 

Article: Identity as the foundation for secure API consumption by agentic AI

A recent Nordic APIs article by Kristopher Sandoval, How Identity Guides the Use of APIs by Agentic AI, highlights a fundamental change: as agentic AI systems increasingly consume APIs autonomously, identity must evolve from static client credentials to contextual, transaction-limited authorization. Traditional API access models assume that clients are predictable and operate within predefined flows. Agentic AI challenges this assumption: agents can dynamically explore API surfaces, chain workflows, and adapt to responses. Without robust and precise identity controls, APIs risk exposing unwanted resources or operations.

An emerging initiative to address these concerns is the IETF’s OAuth Transaction Tokens project, led by Atul Tulshibagwale, SGNL’s CTO and co-chair of the OpenID Foundation’s Artificial Intelligence Identity Management (AIIM) working group. Transaction tokens introduce cryptographically verifiable, single-operation identity assertions, allowing APIs to validate not only who an agent represents, but also what specific transaction it is authorized to perform.

At the same time, Nicola Gallo expressed similar concerns about identity and authorization in agent ecosystems, advocating compliance with the PIC (Principle of Identity Context) specification, which emphasizes the explicit propagation of identity context and its strict enforcement across service boundaries. The PIC specification offers a structured approach to maintaining verifiable identity continuity throughout API interactions, reinforcing the principle of least privilege and contextual authorization. 

Together, these initiatives reflect a growing recognition that identity architecture, not just token issuance, will define the security of agent-driven API infrastructure consumption.

 

Webinar: Agentic AI – Fools rush in where Angels fear to Tread

Next month I will be in discussion with Rik Turner, Chief Analyst at Omdia, about how MCP can securely enable and accelerate the exposition of the API infrastructure to agentic AI.

Enterprises are racing to adopt AI — but are they moving forward strategically, or simply following the hype cycle? We will look to separate signal from noise and explore the practical implications for enterprises seeking to enable agentic AI.

Register here to attend the webinar

