MindsDB - Remote Code Execution

MindsDB 25.9.1.1 contains a remote code execution caused by path traversal in the /api/files upload file module, letting authenticated attackers write arbitrary files and execute commands, exploit requires authentication. id: CVE-2026-27483 info: name: MindsDB - Remote Code Execution author:...

MindsDB -DNS Rebinding SSRF Protection Bypass

Detects DNS rebinding vulnerability that allows bypass of SSRF protection. The vulnerability exists in the URL validation mechanism where DNS resolution is performed without considering DNS rebinding attacks. id: CVE-2024-24759 info: name: MindsDB -DNS Rebinding SSRF Protection Bypass author: Lee...

CVE-2026-7712

A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vend...

📄 MindsDB 25.9.1.1 Path Traversal

MindsDB version 25.9.1.1 suffers from a path traversal vulnerability. Exploit Title: MindsDB 25.9.1.1 - Path Traversal Date: 06-03-2026 Exploit Author: Lohitya Pushkar thewhiteh4t Vendor Homepage: https://mindsdb.com/ Software Link: https://github.com/mindsdb/mindsdb Version: not installed handle...

Deserialization of Untrusted Data

Overview MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the pickle.loads function in the Pickle Handler component. An attacker can execute arbitrary code by...

Access Control Bypass

Overview MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library Affected versions of this package are vulnerable to Access Control Bypass via the exec function in the mindsdb/integrations/handlers/byomhandler/procwrapper.py component. An attacker can gain...

GHSA-9F6M-65V9-X9G2 MindsDB has an Improper Access Control Issue

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

MindsDB has an Improper Access Control Issue

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

CVE-2026-7712

A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vend...

CVE-2026-7711

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

MindsDB 访问控制错误漏洞

MindsDB is a joint query engine developed by MindsDB Corporation, designed specifically for AI agents and large language models. It can handle questions related to PB-level enterprise data. MindsDB versions 26.01 and earlier contained a access control vulnerability. This vulnerability stemmed fro...

MindsDB 25.9.1.1 - Path Traversal

Exploit Title: MindsDB 25.9.1.1 - Path Traversal Date: 06-03-2026 Exploit Author: Lohitya Pushkar thewhiteh4t Vendor Homepage: https://mindsdb.com/ Software Link: https://github.com/mindsdb/mindsdb Version: not installed handlers BANNER = """ ------------------------------------- --- CVE-2026-274...

MindsDB 输入验证错误漏洞

MindsDB is a joint query engine designed by MindsDB Corporation, specifically for AI agents and large language models. It can handle questions related to PB-level enterprise data. MindsDB versions 26.01 and earlier contained a vulnerability related to input validation errors. This vulnerability...

CVE-2026-7712 MindsDB Pickle pickle.loads deserialization

A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vend...

CVE-2026-7712

CVE-2026-7712 affects MindsDB up to version 26.01, with the vulnerability centered on the Pickle Handler's pickle.loads deserialization. The issue allows remote manipulation that leads to deserialization, and the exploit has been publicly disclosed and may be used. The vendor has not responded to...

CVE-2026-7712 MindsDB Pickle pickle.loads deserialization

A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vend...

CVE-2026-7712

A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vend...

EUVD-2026-26853

A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vend...

CVE-2026-7711

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

EUVD-2026-26852

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...