Lucene search
K

10 matches found

NVD
NVD
added last week19 views

CVE-2026-58473

Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and calling the settings endpoint, which performs no admin or superuser check. Attackers can redirect all L...

9.3CVSS0.00372EPSS
Exploits0References4
CVE
CVE
added last week12 views

CVE-2026-58473

CVE-2026-58473 (Cognee) vulnerability affects Cognee prior to 1.2.0. An improper access-control flaw allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and calling the settings endpoint, which lacks admin/superuser checks. This enabl...

9.3CVSS6AI score0.00372EPSS
Exploits0References4
OSV
OSV
added last week6 views

CVE-2026-58473 Cognee < 1.2.0 Unauthorized LLM Configuration Overwrite via /api/v1/settings

Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and calling the settings endpoint, which performs no admin or superuser check. Attackers can redirect all L...

9.3CVSS6AI score0.00372EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/05/15 7:57 p.m.10 views

CVE-2026-31231

Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec function without any sandboxing, validation, or security...

9.8CVSS6.7AI score0.00635EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 6:16 p.m.13 views

CVE-2026-31231

Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec function without any sandboxing, validation, or security...

9.8CVSS0.00635EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 12:0 a.m.7 views

CVE-2026-31231

Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec function without any sandboxing, validation, or security...

6.7AI score0.00635EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

cognee 安全漏洞

Cognee is an open-source tool developed by Topoteretes, designed to provide AI agents with shared memory and context management capabilities. Cognee versions prior to v0.4.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of the unsafe exec function in notebook cell...

9.8CVSS6.2AI score0.00635EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.19 views

PT-2026-40118

Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec function without any sandboxing, validation, or security...

6.7AI score0.00635EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/12 12:0 a.m.36 views

CVE-2026-31231

Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec function without any sandboxing, validation, or security...

0.00635EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/12/19 9:10 p.m.6 views

balify (=0.0.2), cognee (>=0.1.15 <=0.5.2.dev0) +45 more potentially affected by CVE-2025-68481 via fastapi-users (>=10.2.1 <=14.0.2)

fastapi-users PYPI version =10.2.1, =0.1.15, =0.1.2, =0.2.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.2.1 - cognee-community-vector-adapter-redis =0.1.0 - cognee-community-vector-adapter-valkey =0.1.1 - cognee-community-vector-adapter-weaviate =0.1.0 and more Source cves: CVE-2025-68481 Source advisory...

8.8CVSS5.7AI score0.00222EPSS
Exploits1
Rows per page
Query Builder