GHSA-9f6m-65v9-x9g2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-9f6m-65v9-x9g2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-9f6m-65v9-x9g2/GHSA-9f6m-65v9-x9g2.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-9f6m-65v9-x9g2
- Aliases
-
- CVE-2026-7711
- Published
- 2026-05-04T00:30:25Z
- Modified
- 2026-05-08T16:33:26.088406Z
- Severity
-
- 7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
- Summary
- MindsDB has an Improper Access Control Issue
- Details
-
A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
- Database specific
{ "github_reviewed": true, "severity": "MODERATE", "github_reviewed_at": "2026-05-08T16:23:16Z", "cwe_ids": [ "CWE-284" ], "nvd_published_at": "2026-05-04T00:16:39Z" }- References
Affected packages
PyPI / mindsdb
Package
- Name
- mindsdb
- View open source insights on deps.dev
- Purl
- pkg:pypi/mindsdb
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected26.0.1
Affected versions
0.*
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.7.8
0.7.9
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.8.6
0.8.7
0.8.8
0.8.9
0.8.9.1
0.8.9.2
0.8.9.3
0.8.9.4
0.8.9.5
0.8.9.6
0.8.9.7
0.8.9.8
0.9.0.0
0.9.0.1
0.9.1.0
0.9.2.0
1.*
1.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.1.0
1.1.2
1.1.3
1.1.7
1.1.9
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.8
1.2.9
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.9
1.4.10
1.5.0
1.5.1
1.5.2
1.5.4
1.6.0
1.6.3
1.6.4
1.6.5
1.6.6
1.6.7
1.6.8
1.6.12
1.6.13
1.6.15
1.6.17
1.6.18
1.7.0
1.7.1
1.7.2
1.7.3
1.7.5
1.7.6
1.7.7
1.7.8
1.7.9
1.7.10
1.7.11
1.7.12
1.7.13
1.7.14
1.7.15
1.7.16
1.7.17
1.7.18
1.7.19
1.7.20
1.7.21
1.7.22
1.7.23
1.8.0
1.8.2
1.9.0
1.9.1
1.9.2
1.9.3
1.9.5
1.9.6
1.10.0
1.10.2
1.10.3
1.11.0
1.11.2
1.11.3
1.11.4
1.11.5
1.11.8
1.12.0
1.12.1
1.12.2
1.12.3
1.12.4
1.12.5
1.12.7
1.12.8
1.12.9
1.13.0
1.13.2
1.13.3
1.13.4
1.13.5
1.13.6
1.13.7
1.13.8
1.13.9
1.13.10
1.13.11
1.13.12
1.13.15
1.14.0
1.14.1
1.14.2
1.14.3
1.14.4
1.15.1
1.15.2
1.15.6
1.16.0
1.16.1
1.16.2
1.17.0
1.17.1
1.17.2
1.17.3
1.17.4
1.17.6
1.17.8
1.17.9
1.18.0
1.18.1
1.18.2
1.18.3
1.18.5
1.18.6
1.18.7
1.19.0
1.19.1
1.20.0
1.20.1
1.21.0
1.22.0
1.23.0
1.24.0
1.24.1
1.24.2
1.25.0
1.25.1
1.25.2
1.26.0
1.26.1
1.26.2
1.26.3
1.26.4
1.26.5
1.27.0
1.27.1
1.99.0
1.99.1
1.99.3
1.99.4
1.99.5
1.99.6
1.99.7
1.99.8
1.99.9
1.99.10
1.99.11
2.*
2.0.0
2.1.0
2.1.2
2.2.0
2.2.1
2.3.0
2.4.0
2.5.0
2.6.0
2.6.1
2.7.0
2.7.1
2.7.2
2.8.0
2.8.1
2.8.3
2.9.0
2.9.1
2.10.0
2.10.1
2.10.2
2.11.0
2.11.1
2.11.2
2.11.4
2.12.0
2.13.0
2.13.1
2.13.2
2.13.3
2.13.4
2.13.5
2.13.6
2.13.7
2.13.8
2.14.0
2.15.0
2.17.1
2.18.0
2.19.0
2.19.1
2.19.2
2.19.4
2.19.5
2.20.0
2.20.1
2.20.2
2.21.0
2.21.1
2.21.2
2.21.3
2.22.0
2.22.1
2.22.2
2.23.0
2.24.0
2.24.1
2.25.0
2.25.1
2.25.2
2.25.3
2.26.0
2.27.0
2.28.0
2.30.0
2.30.1
2.31.0
2.32.0
2.33.0
2.34.0
2.35.0
2.36.0
2.37.0
2.38.0
2.39.0
2.40.0
2.41.1
2.41.2
2.42.0
2.42.1
2.42.2
2.43.0
2.44.0
2.45.0
2.45.1
2.45.2
2.50.0
2.51.0
2.51.1
2.51.2
2.52.0
2.53.0
2.54.0
2.55.0
2.55.1
2.55.2
2.56.0
2.57.0
2.58.0
2.58.1
2.58.2
2.58.3
2.59.0
2.60.0
2.60.1
2.61.0
2.62.0
2.62.1
2.62.2
2.62.3
2.62.4
22.*
22.1.4.0
22.1.4.1
22.2.1.0
22.2.1.2
22.2.2.0
22.2.2.1
22.2.4.0
22.2.4.1
22.3.1.0
22.3.3.0
22.3.4.0
22.3.4.1
22.3.4.2
22.3.4.3
22.3.5.0
22.4.2.0
22.4.2.1
22.4.2.2
22.4.3.0
22.4.5.0
22.5.1.0
22.5.1.1
22.5.1.2
22.5.2.0
22.5.4.0
22.6.1.0
22.6.1.1
22.6.1.2
22.6.2.0
22.6.2.1
22.6.2.2
22.7.3.0
22.7.3.1
22.7.3.2
22.7.3.3
22.7.3.4
22.7.4.0
22.7.4.1
22.7.5.0
22.7.5.1
22.8.2.0
22.8.2.1
22.8.3.0
22.8.3.1
22.8.4.0
22.8.4.1
22.8.5.0
22.9.3.0
22.9.3.1
22.9.4.0
22.9.5.1
22.9.5.2
22.9.5.3
22.9.5.4
22.10.2.0
22.10.2.1
22.11.3.0
22.11.3.2
22.11.4.0
22.11.4.1
22.11.4.2
22.11.4.3
22.12.4.0
22.12.4.2
22.12.4.3
23.*
23.1.3.0
23.1.3.1
23.1.3.2
23.1.5.0
23.2.1.0
23.2.2.1
23.2.3.0
23.2.3.1
23.2.4.0
23.2.4.1
23.2.4.2
23.2.4.3
23.3.2.0
23.3.3.0
23.3.3.1
23.3.3.2
23.3.3.3
23.3.3.4
23.3.3.5
23.3.4.0
23.3.5.0
23.4.3.0
23.4.3.1
23.4.3.2
23.4.4.0
23.4.4.1
23.4.4.2
23.4.4.3
23.4.4.4
23.5.3.1
23.5.3.2
23.5.4.1
23.6.1.1
23.6.2.0
23.6.3.0
23.6.3.1
23.6.4.0
23.6.5.0
23.6.5.1
23.7.1.0
23.7.2.0
23.7.3.1
23.7.4.0
23.7.4.1
23.8.1.0
23.8.3.0
23.9.1.0
23.9.1.1
23.9.2.0
23.9.2.1
23.9.3.0
23.9.3.1
23.10.2.0
23.10.3.0
23.10.3.1
23.10.5.0
23.11.1.0
23.11.4.0
23.11.4.1
23.11.4.4a6
23.12.4.0
23.12.4.1
23.12.4.2
24.*
24.1.4.0
24.2.3.0
24.3.4.0
24.3.4.1
24.3.4.2
24.3.5.0
24.4.2.0
24.4.2.1
24.4.3.0
24.5.4.0
24.6.1.0
24.6.1.1
24.6.2.0
24.6.2.2
24.6.3.0
24.6.3.1
24.6.4.1
24.7.1.0
24.7.2.0
24.7.3.0
24.7.4.0
24.7.4.1
24.7.5.0
24.8.1.0
24.8.1.1
24.8.2.0
24.8.3.0
24.8.4.0
24.9.1.0
24.9.2.0
24.9.2.1
24.9.3.0
24.9.3.1
24.9.3.2
24.9.4.0
24.9.4.1
24.10.1.0
24.10.2.0
24.10.3.0
24.10.4.0
24.10.4.1
24.10.4.2
24.10.5.0
24.11.1.0
24.11.1.1
24.11.2.0
24.11.3.0
24.11.4.0
24.11.4.1
24.11.4.2
24.12.1.0
24.12.2.0
24.12.2.1
24.12.2.2
24.12.3.0
24.12.4.0
25.*
25.1.2.0
25.1.2.1
25.1.3.0
25.1.4.0
25.1.5.0
25.1.5.1
25.1.5.2
25.1.5.3
25.2.1.0
25.2.1.2
25.2.2.0
25.2.2.2
25.2.3.0
25.2.4.0
25.3.1.0
25.3.2.0
25.3.3.0
25.3.4.0
25.3.4.1
25.3.4.2
25.4.1.0
25.4.2.0
25.4.2.1
25.4.3.0
25.4.3.1
25.4.3.2
25.4.4.0
25.4.5.0
25.5.3.0
25.5.4.0
25.5.4.1
25.5.4.2
25.6.2.0
25.6.3.0
25.6.3.1
25.6.4.0
25.7.1.0
25.7.2.0
25.7.3.0
25.7.4.0
25.8.2.0
25.8.3.0
25.9.1.0
25.9.1.1
25.9.1.2
25.9.2.0a1
25.9.3rc1
25.10.0rc1
25.10.0
25.10.1
25.11.0rc1
25.11.0rc2
25.11.0
25.11.1
25.12.0rc1
25.12.0
25.13.0rc1
25.13.0rc2
25.13.0
25.13.1
25.14.0rc1
25.14.0
25.14.1
26.*
26.0.0rc1
26.0.0rc2
26.0.0rc3
26.0.0
26.0.1