Lucene search
K

101 matches found

NVD
NVD
added 2026/07/02 8:17 p.m.8 views

CVE-2026-59093

Weaviate before 1.38.0 does not verify that a principal performing an RBAC role assignment holds the permissions granted by the assigned role. The assignRoleToUser and assignRoleToGroup handlers POST /authz/users/id/assign and /authz/groups/id/assign authorize only that the caller may assign role...

8.8CVSS0.00285EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/02 7:40 p.m.35 views

CVE-2026-59093 Weaviate < 1.38.0 - Privilege Escalation via Unchecked Permissions in RBAC Role Assignment

Weaviate before 1.38.0 does not verify that a principal performing an RBAC role assignment holds the permissions granted by the assigned role. The assignRoleToUser and assignRoleToGroup handlers POST /authz/users/id/assign and /authz/groups/id/assign authorize only that the caller may assign role...

8.8CVSS0.00285EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:40 p.m.8 views

CVE-2026-59093

Weaviate before 1.38.0 does not verify that a principal performing an RBAC role assignment holds the permissions granted by the assigned role. The assignRoleToUser and assignRoleToGroup handlers POST /authz/users/id/assign and /authz/groups/id/assign authorize only that the caller may assign role...

8.8CVSS5.8AI score0.00285EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/02 7:40 p.m.7 views

EUVD-2026-41424

Weaviate before 1.38.0 does not verify that a principal performing an RBAC role assignment holds the permissions granted by the assigned role. The assignRoleToUser and assignRoleToGroup handlers POST /authz/users/id/assign and /authz/groups/id/assign authorize only that the caller may assign role...

8.8CVSS5.8AI score0.00285EPSS
Exploits0References4
CVE
CVE
added 2026/07/02 7:40 p.m.18 views

CVE-2026-59093

Weaviate prior to 1.38.0 fails to verify that a principal granting RBAC roles actually has permissions within those roles. The assignRoleToUser and assignRoleToGroup endpoints (POST /authz/users/{id}/assign, /authz/groups/{id}/assign) only check that the caller may assign roles, not the permissio...

8.8CVSS5.8AI score0.00285EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.11 views

PT-2026-55294

Name of the Vulnerable Software and Affected Versions Weaviate versions prior to 1.38.0 Description An issue exists where the system fails to verify if a principal performing a Role-Based Access Control RBAC role assignment possesses the permissions granted by the role being assigned. While role...

8.8CVSS6.1AI score0.00285EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.12 views

CVE-2026-11500

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

5CVSS4.6AI score0.00281EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 10:16 a.m.14 views

CVE-2026-11500

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

5CVSS0.00281EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/08 9:0 a.m.7 views

CVE-2026-11500

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

5CVSS4.9AI score0.00281EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/08 9:0 a.m.13 views

EUVD-2026-35034

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

5CVSS4.6AI score0.00281EPSS
Exploits0References8
CVE
CVE
added 2026/06/08 9:0 a.m.37 views

CVE-2026-11500

The CVE affects Weaviate up to version 1.37.7, specifically the Static API Key Handler’s validateConfig function in usecases/auth/authentication/apikey/client.go. The issue arises from manipulation of the StaticApiKey argument, enabling remote authorization bypass. The vulnerability has a publicl...

5CVSS4.9AI score0.00281EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/08 9:0 a.m.9 views

CVE-2026-11500 Weaviate Static API Key client.go validateConfig authorization

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

5CVSS4.9AI score0.00281EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/08 9:0 a.m.45 views

CVE-2026-11500 Weaviate Static API Key client.go validateConfig authorization

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

5CVSS0.00281EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.19 views

PT-2026-47262

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

5CVSS4.9AI score0.00281EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.9 views

Weaviate 授权问题漏洞

Weaviate is an open-source vector database developed by Weaviate. Versions of Weaviate 1.37.7 and earlier had an authorization vulnerability. This vulnerability stemmed from incorrect handling of the parameter “StaticApiKey” in the function “validateConfig” within the Static API Key Handler...

5CVSS5.5AI score0.00281EPSS
Exploits0References2
OSV
OSV
added 2026/05/18 1:38 p.m.10 views

CLEANSTART-2026-BK91157 Security fixes for ghsa-xmrv-pmrh-hhx2 applied in versions: 1.35.17-r0

Security vulnerability affects the weaviate-fips package. This issue is resolved in later releases. See references for vulnerability details...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/18 1:38 p.m.9 views

CLEANSTART-2026-FL19517 Security fixes for ghsa-xmrv-pmrh-hhx2 applied in versions: 1.35.17-r0

Security vulnerability affects the weaviate-fips package. This issue is resolved in later releases. See references for vulnerability details...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/18 1:38 p.m.7 views

CLEANSTART-2026-ON41795 Security fixes for ghsa-xmrv-pmrh-hhx2 applied in versions: 1.35.17-r0

Security vulnerability affects the weaviate-fips package. This issue is resolved in later releases. See references for vulnerability details...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/18 1:38 p.m.7 views

CLEANSTART-2026-QO72222 Security fixes for ghsa-xmrv-pmrh-hhx2 applied in versions: 1.35.17-r0

Security vulnerability affects the weaviate-fips package. This issue is resolved in later releases. See references for vulnerability details...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/18 1:35 p.m.17 views

CLEANSTART-2026-HJ72983 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-25679, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, ghsa-6g7g-w4f8-9c9x, ghsa-9h8m-3fm2-qjrq, ghsa-j5w8-q4qc-rx2x, ghsa-p77j-4mvh-x3m3, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.35.17-r0, 1.35.17-r1, 1.35.2-r0, 1.35.2-r1, 1.35.2-r2

Multiple security vulnerabilities affect the weaviate package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS6.8AI score0.01945EPSS
Exploits3References42
Rows per page
Query Builder