CVE-2026-11500

🗓️ 08 Jun 2026 09:00:12Reported by VulDBType

Weaviate up to 1.37.7 has authorization bypass via Static API Key validateConfig; upgrade to version 1.38.0-rc.0.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2026-11500	8 Jun 202609:00	–	attackerkb
CNNVD	Weaviate 授权问题漏洞	8 Jun 202600:00	–	cnnvd
Cvelist	CVE-2026-11500 Weaviate Static API Key client.go validateConfig authorization	8 Jun 202609:00	–	cvelist
EUVD	EUVD-2026-35034	8 Jun 202609:00	–	euvd
NVD	CVE-2026-11500	8 Jun 202610:16	–	nvd
Positive Technologies	PT-2026-47262	8 Jun 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-11500	9 Jun 202614:59	–	redhatcve
Vulnrichment	CVE-2026-11500 Weaviate Static API Key client.go validateConfig authorization	8 Jun 202609:00	–	vulnrichment

Vulners

Node

weaviate weaviateMatch1.37.0

weaviate weaviateMatch1.37.1

weaviate weaviateMatch1.37.2

weaviate weaviateMatch1.37.3

weaviate weaviateMatch1.37.4

weaviate weaviateMatch1.37.5

weaviate weaviateMatch1.37.6

weaviate weaviateMatch1.37.7

[
  {
    "vendor": "n/a",
    "product": "Weaviate",
    "versions": [
      {
        "version": "1.37.0",
        "status": "affected"
      },
      {
        "version": "1.37.1",
        "status": "affected"
      },
      {
        "version": "1.37.2",
        "status": "affected"
      },
      {
        "version": "1.37.3",
        "status": "affected"
      },
      {
        "version": "1.37.4",
        "status": "affected"
      },
      {
        "version": "1.37.5",
        "status": "affected"
      },
      {
        "version": "1.37.6",
        "status": "affected"
      },
      {
        "version": "1.37.7",
        "status": "affected"
      },
      {
        "version": "1.38.0-rc.0",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:2.3:a:weaviate:weaviate:*:*:*:*:*:*:*:*"
    ],
    "modules": [
      "Static API Key Handler"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/vuln/369120
github	www.github.com/weaviate/weaviate/issues/11392
vuldb	www.vuldb.com/submit/835080
github	www.github.com/weaviate/weaviate/
github	www.github.com/weaviate/weaviate/releases/tag/v1.38.0-rc.0
github	www.github.com/weaviate/weaviate/commit/40f2cc32279f0f8a51016c3c6870a2c0c808e6c0
vuldb	www.vuldb.com/cve/CVE-2026-11500
vuldb	www.vuldb.com/vuln/369120/cti

17 Jun 2026 10:14Current

4.9Medium risk

Vulners AI Score4.9

CVSS 42.3

CVSS 24.6

CVSS 3.15

CVSS 35

EPSS0.00281

SSVC