CVE-2026-13513

Source
https://cve.org/CVERecord?id=CVE-2026-13513
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-13513.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-13513
Published
2026-06-28T23:00:16.154Z
Modified
2026-07-15T01:49:13.978857302Z
Severity
  • 1.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
MyScale MyScaleDB SegmentId.h getCacheKey data authenticity
Details

A security flaw has been discovered in MyScale MyScaleDB up to 1.8.0. This vulnerability affects the function SegmentId::getCacheKey in the library src/VectorIndex/Common/SegmentId.h. The manipulation results in insufficient verification of data authenticity. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is stated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/13xxx/CVE-2026-13513.json",
    "cwe_ids": [
        "CWE-345"
    ],
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "1.0"
                },
                {
                    "last_affected": "1.0"
                },
                {
                    "introduced": "1.1"
                },
                {
                    "last_affected": "1.1"
                },
                {
                    "introduced": "1.2"
                },
                {
                    "last_affected": "1.2"
                },
                {
                    "introduced": "1.3"
                },
                {
                    "last_affected": "1.3"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/myscale/myscaledb

Affected ranges

Type
GIT
Repo
https://github.com/myscale/myscaledb
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "1.4"
        },
        {
            "last_affected": "1.4"
        },
        {
            "introduced": "1.5"
        },
        {
            "last_affected": "1.5"
        },
        {
            "introduced": "1.6"
        },
        {
            "last_affected": "1.6"
        },
        {
            "introduced": "1.7"
        },
        {
            "last_affected": "1.7"
        },
        {
            "introduced": "1.8.0"
        },
        {
            "last_affected": "1.8.0"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

1.*
1.4
1.5
1.6
1.7
1.8.0
myscaledb-v1.*
myscaledb-v1.4
myscaledb-v1.5
myscaledb-v1.6
myscaledb-v1.6.4
myscaledb-v1.7.1
myscaledb-v1.8.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-13513.json"