8 matches found
CVE-2026-6587
A flaw was found in vibrantlabsai RAGAS. A remote attacker can exploit a server-side request forgery SSRF vulnerability by manipulating the retrievedcontexts argument within the tryprocesslocalfile or tryprocessurl functions. This manipulation allows the attacker to induce the server to make...
EUVD-2026-23727
A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function tryprocesslocalfile/tryprocessurl of the file src/ragas/metrics/collections/multimodalfaithfulness/util.py of the component Collections Module. Performing a manipulation of the argument...
CVE-2026-6587
A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function tryprocesslocalfile/tryprocessurl of the file src/ragas/metrics/collections/multimodalfaithfulness/util.py of the component Collections Module. Performing a manipulation of the argument...
CVE-2026-6587
A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function tryprocesslocalfile/tryprocessurl of the file src/ragas/metrics/collections/multimodalfaithfulness/util.py of the component Collections Module. Performing a manipulation of the argument...
CVE-2026-6587 vibrantlabsai RAGAS Collections util.py _try_process_url server-side request forgery
A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function tryprocesslocalfile/tryprocessurl of the file src/ragas/metrics/collections/multimodalfaithfulness/util.py of the component Collections Module. Performing a manipulation of the argument...
CVE-2026-6587 vibrantlabsai RAGAS Collections util.py _try_process_url server-side request forgery
A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function tryprocesslocalfile/tryprocessurl of the file src/ragas/metrics/collections/multimodalfaithfulness/util.py of the component Collections Module. Performing a manipulation of the argument...
CVE-2026-6587
CVE-2026-6587 affects vibrantlabsai RAGAS
PT-2026-33656
Name of the Vulnerable Software and Affected Versions vibrantlabsai RAGAS versions prior to 0.4.4 Description A server-side request forgery exists in the Collections Module. A remote attacker can initiate this by manipulating the retrieved contexts argument within the try process local file and t...