CVE-2026-13508 khoj-ai khoj Conversation Sharing api_chat.py authorization

🗓️ 28 Jun 2026 21:45:10Reported by VulDBType

Issue in khoj-ai up to 2.0.0-beta.28 allows remote exploitation via conversation.agent api_chat.py.

Reporter	Title	Published	Views	Family All 5
ATTACKERKB	CVE-2026-13508	28 Jun 202621:45	–	attackerkb
CVE	CVE-2026-13508	28 Jun 202621:45	–	cve
EUVD	EUVD-2026-40005	28 Jun 202621:45	–	euvd
NVD	CVE-2026-13508	28 Jun 202622:16	–	nvd
Positive Technologies	PT-2026-53164	28 Jun 202600:00	–	ptsecurity

[
  {
    "vendor": "khoj-ai",
    "product": "khoj",
    "versions": [
      {
        "version": "2.0.0-beta.0",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.1",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.2",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.3",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.4",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.5",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.6",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.7",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.8",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.9",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.10",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.11",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.12",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.13",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.14",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.15",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.16",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.17",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.18",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.19",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.20",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.21",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.22",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.23",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.24",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.25",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.26",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.27",
        "status": "affected"
      },
      {
        "version": "2.0.0-beta.28",
        "status": "affected"
      }
    ],
    "cpes": [
      "cpe:2.3:a:khoj-ai:khoj:*:*:*:*:*:*:*:*"
    ],
    "modules": [
      "Conversation Sharing Handler"
    ]
  }
]

Source	Link
github	www.github.com/khoj-ai/khoj/pull/1328
github	www.github.com/khoj-ai/khoj/
vuldb	www.vuldb.com/submit/838812
vuldb	www.vuldb.com/vuln/374516
vuldb	www.vuldb.com/vuln/374516/cti
github	www.github.com/khoj-ai/khoj/issues/1327
vuldb	www.vuldb.com/cve/CVE-2026-13508

28 Jun 2026 21:45Current

CVSS 45.1

CVSS 3.15.5

CVSS 35.5

CVSS 26.5