Anonymous Intelligence Signal

Security Gap in Ingest Service Allows Expired Agent JWTs to Bypass mTLS Authentication in Inventory RPC

human The Lab unverified 2026-04-29 01:54:08 Source: GitHub Issues

A medium-severity authentication bypass has been identified in the ingest service's software-inventory RPC, where the handler explicitly accepts expired agent JWTs and fails to bind token identity to the mTLS client-certificate identity already available within the stream context. The vulnerability weakens the intended token time-to-live semantics, leaving the inventory submission path exposed to long-lived bearer tokens without proper certificate verification.

The code path is unambiguous: expired tokens are explicitly permitted through the validation logic, and the handler does not read the interceptor-populated mTLS identity from the request context. This creates a scenario where a stolen or stale JWT could remain usable indefinitely for inventory submission, bypassing the intended expiration controls. The risk intensifies if an attacker can pair a valid client certificate with a different agent's token and task context, enabling cross-agent impersonation within the inventory path.
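The two defects described above, an expiry check that is switched off and a handler that never compares the token's subject with the mTLS identity an interceptor has already placed in the context, are easiest to see side by side. The following Go program is an added illustration written for this note; it is not code from the ingest service or the issue tracker it was reported on. The token format (a minimal HS256 JWT built with the standard library), the `mtlsKey` context key, the `claims` struct and both handler functions are assumptions made for the example.

```go
package main

import (
	"context"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// claims is the subset of JWT claims the example inspects (hypothetical shape).
type claims struct {
	Sub string `json:"sub"` // agent identity the token was issued to
	Exp int64  `json:"exp"` // expiry, unix seconds
}

// mtlsKey is the (hypothetical) context key under which an auth interceptor
// stores the identity it extracted from the verified client certificate.
type mtlsKey struct{}

func withMTLSIdentity(ctx context.Context, id string) context.Context {
	return context.WithValue(ctx, mtlsKey{}, id)
}

// signToken builds a compact HS256 token: b64url(header).b64url(payload).b64url(mac).
func signToken(c claims, key []byte) string {
	enc := base64.RawURLEncoding
	hdr := enc.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))
	body, _ := json.Marshal(c)
	signingInput := hdr + "." + enc.EncodeToString(body)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return signingInput + "." + enc.EncodeToString(mac.Sum(nil))
}

// parseToken verifies the signature and, unless allowExpired is set, the expiry.
// allowExpired reproduces the "expired tokens explicitly permitted" behaviour.
func parseToken(tok string, key []byte, now time.Time, allowExpired bool) (claims, error) {
	parts := strings.Split(tok, ".")
	if len(parts) != 3 {
		return claims{}, errors.New("malformed token")
	}
	enc := base64.RawURLEncoding
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	sig, err := enc.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, mac.Sum(nil)) {
		return claims{}, errors.New("bad signature")
	}
	payload, err := enc.DecodeString(parts[1])
	if err != nil {
		return claims{}, errors.New("bad payload")
	}
	var c claims
	if err := json.Unmarshal(payload, &c); err != nil {
		return claims{}, errors.New("bad claims")
	}
	// RFC 7519: the current time must be strictly before exp.
	if !allowExpired && now.Unix() >= c.Exp {
		return claims{}, errors.New("token expired")
	}
	return c, nil
}

// vulnerableInventoryHandler mirrors the reported gap: expired tokens pass,
// and the mTLS identity sitting in ctx is never consulted.
func vulnerableInventoryHandler(ctx context.Context, tok string, key []byte, now time.Time) (string, error) {
	c, err := parseToken(tok, key, now, true)
	if err != nil {
		return "", err
	}
	return c.Sub, nil // the caller is trusted as whoever the token names
}

// hardenedInventoryHandler enforces exp and binds the token subject to the
// certificate identity the interceptor stored in ctx.
func hardenedInventoryHandler(ctx context.Context, tok string, key []byte, now time.Time) (string, error) {
	c, err := parseToken(tok, key, now, false)
	if err != nil {
		return "", err
	}
	certID, ok := ctx.Value(mtlsKey{}).(string)
	if !ok || certID == "" {
		return "", errors.New("no mTLS identity in context")
	}
	if certID != c.Sub {
		return "", fmt.Errorf("identity mismatch: cert=%q token=%q", certID, c.Sub)
	}
	return c.Sub, nil
}

func main() {
	key := []byte("constructed-demo-key") // constructed sample key
	now := time.Unix(1_700_000_000, 0)
	stale := signToken(claims{Sub: "agent-a", Exp: now.Add(-time.Hour).Unix()}, key)
	ctx := withMTLSIdentity(context.Background(), "agent-b") // cert says agent-b
	id, err := vulnerableInventoryHandler(ctx, stale, key, now)
	fmt.Println("vulnerable:", id, err)
	id, err = hardenedInventoryHandler(ctx, stale, key, now)
	fmt.Println("hardened:", id, err)
}
```

The vulnerable handler accepts a token that expired an hour ago and attributes the submission to `agent-a` even though the peer certificate belongs to `agent-b`; the hardened handler rejects it on expiry and, for a fresh token, still rejects it on the identity mismatch. The binding check is cheap because the interceptor has already done the certificate verification; the handler only has to read the result and compare.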

The exposure is not a trivial internet-facing bypass—the RPC remains behind mTLS—yet the missing cert/JWT binding materially weakens agent authentication semantics. The gap suggests the broader agent-to-service authentication model deserves review, with implications for any deployment that relies on this ingest service. Operators should monitor for unusual inventory submission patterns (submissions carrying tokens past their expiry, or a token subject that differs from the presenting certificate's identity) and assess whether other RPC paths exhibit similar binding gaps.