CNNVD-202601-1833 Information
Jan 12, 2026
cve
CNNVD ID
CNNVD-202601-1833
Related CVE
- CNNVD Published: 2026-01-12
Description (Chinese)
MindsDB是MindsDB公司的一个专为AI代理和大语言模型设计的联合查询引擎,可以回答pb级企业数据的问题。 MindsDB 25.11.1之前版本存在安全漏洞,该漏洞源于文件上传API中用户控制的数据直接拼接至文件系统路径,可能导致路径遍历攻击。
Description (English)
MindsDB is a joint search engine designed by MindsDB for AI agents and large-language models, which can answer questions about pb-level business data. There was a security loophole in the pre-MindsDB 25.11.1 version, resulting from the direct integration of user-controlled data from the file uploading API into the file system path, which could lead to a routing attack.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
MindsDB
Published
2026-01-12
Last Modified
2026-02-24
References
https://github.com/mindsdb/mindsdb/security/advisories/GHSA-qqhf-pm3j-96g7
Patch
https://github.com/mindsdb/mindsdb/releases
Share on: