1. Security Gap in Ingest Service Allows Expired Agent JWTs to Bypass mTLS Authentication in Inventory RPC
A medium-severity authentication bypass has been identified in the ingest service's software-inventory RPC, where the handler explicitly accepts expired agent JWTs and fails to bind token identity to the mTLS client-certificate identity already available within the stream context. The vulnerability weakens the intended...