PYSEC-2026-1211

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/backend-ai/PYSEC-2026-1211.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1211
Aliases
Published
2026-07-07T16:02:54.001219Z
Modified
2026-07-07T17:47:32.565198755Z
Severity
  • 8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
BackendAI vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Details

Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform.

NOTE: The maintainers of BackendAI do not consider this report to fit with their threat model and advise users to follow security advice from https://github.com/lablup/backend.ai/pull/7587 in their instances to protect themselves from the conditions that would lead to the situation described in the CVE record.

References

Affected packages

PyPI / backend-ai

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
25.3.3

Affected versions

1.*
1.0.0
1.0.1
1.0.2
1.1.0
1.2.0
1.3.0
1.4.0
18.*
18.12.0
19.*
19.3.0a1
19.3.0
19.9.0
20.*
20.3.0
20.3.1
20.9.0a1.dev0
20.9.0
21.*
21.3.0
22.*
22.3.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/backend-ai/PYSEC-2026-1211.yaml"