๐Ÿ›ก๏ธ NAIL Institute โ€” AVE Database

โ† Back to Database

Session State Persistence Attack

๐ŸŸ  HIGH temporal_exploitation proven AVE-2025-0058

ยท aka: Zombie Session

Summary

Injected context persists across session boundaries when session state is not properly cleared.

Blast Radius

Cross-session contamination affecting different users.

Prerequisites

Agent with session persistence and shared state.

Environment

  • Frameworks: LangGraph, CrewAI
  • Models tested: [Available in NAIL SDK]
  • Multi-agent: No
  • Tools required: No
  • Memory required: Yes

Related