EUVD-2026-35034

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

CVE-2026-11500

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

CVE-2026-11500 Weaviate Static API Key client.go validateConfig authorization

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

CVE-2026-11500

The CVE affects Weaviate up to version 1.37.7, specifically the Static API Key Handler’s validateConfig function in usecases/auth/authentication/apikey/client.go. The issue arises from manipulation of the StaticApiKey argument, enabling remote authorization bypass. The vulnerability has a publicl...

CVE-2020-10788

openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections...