CNNVD-202602-068 Information
CNNVD ID
CNNVD-202602-068
Related CVE
- CNNVD Published: 2026-02-02
Description
Khoj is an open-source application from Khoj AI that lets users create always-available personal AI agents. Versions of Khoj before 2.0.0-beta.23 contain a vulnerability caused by an insecure direct object reference (IDOR) in the Notion OAuth callback, which could lead to account takeover and data poisoning.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Khoj AI
Published
2026-02-02
Last Modified
2026-02-24
References
https://github.com/khoj-ai/khoj/releases/tag/2.0.0-beta.23
https://github.com/khoj-ai/khoj/commit/1b7ccd141d47f365edeccc57d7316cb0913d748b
https://github.com/khoj-ai/khoj/security/advisories/GHSA-6whj-7qmg-86qj
https://access.redhat.com/security/cve/cve-2025-69207