94 matches found

RedhatCVE
added 2026/06/09 2:59 p.m., 9 views

CVE-2026-11500

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

CVSS 5, AI score 4.6, EPSS 0.00442
Exploits: 0, References: 1

NVD
added 2026/06/08 10:16 a.m., 10 views

CVE-2026-11500

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

CVSS 5, EPSS 0.00442
Exploits: 0, References: 8

EUVD
added 2026/06/08 9:0 a.m., 7 views

EUVD-2026-35034

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

CVSS 5, AI score 4.6, EPSS 0.00442
Exploits: 0, References: 8

ATTACKERKB
added 2026/06/08 9:0 a.m., 5 views

CVE-2026-11500

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

CVSS 5, AI score 4.9, EPSS 0.00442
Exploits: 0, References: 8

Cvelist
added 2026/06/08 9:0 a.m., 41 views

CVE-2026-11500 Weaviate Static API Key client.go validateConfig authorization

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

CVSS 5, EPSS 0.00442
Exploits: 0, References: 8

CVE
added 2026/06/08 9:0 a.m., 27 views

CVE-2026-11500

The CVE affects Weaviate up to version 1.37.7, specifically the Static API Key Handler’s validateConfig function in usecases/auth/authentication/apikey/client.go. The issue arises from manipulation of the StaticApiKey argument, enabling remote authorization bypass. The vulnerability has a publicl...

CVSS 5, AI score 4.9, EPSS 0.00442
Exploits: 0, References: 8

Vulnrichment
added 2026/06/08 9:0 a.m., 8 views

CVE-2026-11500 Weaviate Static API Key client.go validateConfig authorization

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

CVSS 5, AI score 4.9, EPSS 0.00442
Exploits: 0, References: 8

Positive Technologies
added 2026/06/08 12:0 a.m., 12 views

PT-2026-47262

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

CVSS 5, AI score 4.9, EPSS 0.00442
Exploits: 0, References: 9

CNNVD
added 2026/06/08 12:0 a.m., 4 views

Weaviate Authorization Issue Vulnerability

Weaviate is an open-source vector database developed by Weaviate. Versions of Weaviate 1.37.7 and earlier had an authorization vulnerability. This vulnerability stemmed from incorrect handling of the parameter “StaticApiKey” in the function “validateConfig” within the Static API Key Handler...

CVSS 5, AI score 5.5, EPSS 0.00442
Exploits: 0, References: 2

OSV
added 2026/05/18 1:38 p.m., 7 views

CLEANSTART-2026-BK91157 Security fixes for ghsa-xmrv-pmrh-hhx2 applied in versions: 1.35.17-r0

Security vulnerability affects the weaviate-fips package. This issue is resolved in later releases. See references for vulnerability details...

AI score 5.8
Exploits: 0, References: 2

OSV
added 2026/05/18 1:38 p.m., 6 views

CLEANSTART-2026-FL19517 Security fixes for ghsa-xmrv-pmrh-hhx2 applied in versions: 1.35.17-r0

Security vulnerability affects the weaviate-fips package. This issue is resolved in later releases. See references for vulnerability details...

AI score 5.8
Exploits: 0, References: 2

OSV
added 2026/05/18 1:38 p.m., 2 views

CLEANSTART-2026-ON41795 Security fixes for ghsa-xmrv-pmrh-hhx2 applied in versions: 1.35.17-r0

Security vulnerability affects the weaviate-fips package. This issue is resolved in later releases. See references for vulnerability details...

AI score 5.8
Exploits: 0, References: 2

OSV
added 2026/05/18 1:38 p.m., 2 views

CLEANSTART-2026-QO72222 Security fixes for ghsa-xmrv-pmrh-hhx2 applied in versions: 1.35.17-r0

Security vulnerability affects the weaviate-fips package. This issue is resolved in later releases. See references for vulnerability details...

AI score 5.8
Exploits: 0, References: 2

OSV
added 2026/05/18 1:35 p.m., 8 views

CLEANSTART-2026-HJ72983 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-25679, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, ghsa-6g7g-w4f8-9c9x, ghsa-9h8m-3fm2-qjrq, ghsa-j5w8-q4qc-rx2x, ghsa-p77j-4mvh-x3m3, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.35.17-r0, 1.35.17-r1, 1.35.2-r0, 1.35.2-r1, 1.35.2-r2

Multiple security vulnerabilities affect the weaviate package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 10, AI score 6.8, EPSS 0.00789
Exploits: 3, References: 42

OSV
added 2026/05/18 1:34 p.m., 5 views

CLEANSTART-2026-GU95761 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-33811, CVE-2026-33814, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, ghsa-j5w8-q4qc-rx2x, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.35.2-r0, 1.36.11-r0, 1.36.11-r1

Multiple security vulnerabilities affect the weaviate package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 10, AI score 7, EPSS 0.00789
Exploits: 2, References: 27

OSV
added 2026/05/18 1:24 p.m., 10 views

CLEANSTART-2026-CK61704 Security fixes for CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.35.17-r0, 1.35.17-r1

Multiple security vulnerabilities affect the weaviate-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 7.5, AI score 5.8, EPSS 0.00588
Exploits: 0, References: 24

OSV
added 2026/05/18 1:24 p.m., 9 views

CLEANSTART-2026-RD75979 Security fixes for CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.35.17-r0, 1.37.0-r0

Multiple security vulnerabilities affect the weaviate-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 7.5, AI score 5.9, EPSS 0.00588
Exploits: 0, References: 24

vulnersOsv
added 2026/04/27 12:0 a.m., 5 views

org.springframework.ai:spring-ai-starter-vector-store-weaviate (>=1.0.0 <=1.0.5), org.springframework.ai:spring-ai-weaviate-store-spring-boot-starter (>=1.0.0-M5 <=1.0.0-M6) potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-weaviate-store (>=1.0.0-M5 <=1.0.5)

org.springframework.ai:spring-ai-weaviate-store MAVEN version =1.0.0-M5, =1.0.0, =1.0.0-M5, =1.0.0-M6 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321397...

CVSS 8.6, AI score 5.8, EPSS 0.00394
Exploits: 0

vulnersOsv
added 2026/04/27 12:0 a.m., 4 views

org.springframework.ai:spring-ai-starter-vector-store-weaviate (>=1.1.0 <=1.1.4) potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-weaviate-store (>=1.1.0-M1 <=1.1.4)

org.springframework.ai:spring-ai-weaviate-store MAVEN version =1.1.0-M1, =1.1.0, =1.1.4 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321397...

CVSS 8.6, AI score 5.8, EPSS 0.00394
Exploits: 0

Snyk
added 2026/04/27 12:0 a.m., 2 views

Improper Neutralization of Special Elements in Data Query Logic

Overview: org.springframework.ai:spring-ai-weaviate-store is a Building AI applications with Spring Boot. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter...

CVSS 8.8, AI score 5.8, EPSS 0.00394
Exploits: 0, References: 2