GHSA-9F6M-65V9-X9G2 MindsDB has an Improper Access Control Issue

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

Access Control Bypass

Overview MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library Affected versions of this package are vulnerable to Access Control Bypass via the exec function in the mindsdb/integrations/handlers/byomhandler/procwrapper.py component. An attacker can gain...

MindsDB has an Improper Access Control Issue

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

CVE-2026-7711

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

MindsDB 访问控制错误漏洞

MindsDB is a joint query engine developed by MindsDB Corporation, designed specifically for AI agents and large language models. It can handle questions related to PB-level enterprise data. MindsDB versions 26.01 and earlier contained a access control vulnerability. This vulnerability stemmed fro...

CVE-2026-7711

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

EUVD-2026-26852

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

CVE-2026-7711

Summary: CVE-2026-7711 affects MindsDB Engine up to 26.01, specifically the function exec in mindsdb/integrations/handlers/byom_handler/proc_wrapper.py. The underlying issue enables remote manipulation via the exec path that could allow unrestricted upload. Public exploit code is noted, and the a...

CVE-2026-7711 MindsDB Engine proc_wrapper.py exec unrestricted upload

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

CVE-2026-7711 MindsDB Engine proc_wrapper.py exec unrestricted upload

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

PT-2026-36728

Name of the Vulnerable Software and Affected Versions MindsDB versions prior to 26.01 Description A weakness in the Engine Handler component allows for unrestricted file upload. This issue occurs within the exec function located in the mindsdb/integrations/handlers/byom handler/proc wrapper.py fi...