PYSEC-2026-2648

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/mindsdb/PYSEC-2026-2648.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-2648
Aliases
Published
2026-07-13T15:02:56.325810Z
Modified
2026-07-13T16:31:50.947899603Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
MindsDB has an Improper Access Control Issue
Details

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

PyPI / mindsdb

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
26.0.1

Affected versions

0.*
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.7.8
0.7.9
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.8.6
0.8.7
0.8.8
0.8.9
0.8.9.1
0.8.9.2
0.8.9.3
0.8.9.4
0.8.9.5
0.8.9.6
0.8.9.7
0.8.9.8
0.9.0.0
0.9.0.1
0.9.1.0
0.9.2.0
1.*
1.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.1.0
1.1.2
1.1.3
1.1.7
1.1.9
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.8
1.2.9
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.9
1.4.10
1.5.0
1.5.1
1.5.2
1.5.4
1.6.0
1.6.3
1.6.4
1.6.5
1.6.6
1.6.7
1.6.8
1.6.12
1.6.13
1.6.15
1.6.17
1.6.18
1.7.0
1.7.1
1.7.2
1.7.3
1.7.5
1.7.6
1.7.7
1.7.8
1.7.9
1.7.10
1.7.11
1.7.12
1.7.13
1.7.14
1.7.15
1.7.16
1.7.17
1.7.18
1.7.19
1.7.20
1.7.21
1.7.22
1.7.23
1.8.0
1.8.2
1.9.0
1.9.1
1.9.2
1.9.3
1.9.5
1.9.6
1.10.0
1.10.2
1.10.3
1.11.0
1.11.2
1.11.3
1.11.4
1.11.5
1.11.8
1.12.0
1.12.1
1.12.2
1.12.3
1.12.4
1.12.5
1.12.7
1.12.8
1.12.9
1.13.0
1.13.2
1.13.3
1.13.4
1.13.5
1.13.6
1.13.7
1.13.8
1.13.9
1.13.10
1.13.11
1.13.12
1.13.15
1.14.0
1.14.1
1.14.2
1.14.3
1.14.4
1.15.1
1.15.2
1.15.6
1.16.0
1.16.1
1.16.2
1.17.0
1.17.1
1.17.2
1.17.3
1.17.4
1.17.6
1.17.8
1.17.9
1.18.0
1.18.1
1.18.2
1.18.3
1.18.5
1.18.6
1.18.7
1.19.0
1.19.1
1.20.0
1.20.1
1.21.0
1.22.0
1.23.0
1.24.0
1.24.1
1.24.2
1.25.0
1.25.1
1.25.2
1.26.0
1.26.1
1.26.2
1.26.3
1.26.4
1.26.5
1.27.0
1.27.1
1.99.0
1.99.1
1.99.3
1.99.4
1.99.5
1.99.6
1.99.7
1.99.8
1.99.9
1.99.10
1.99.11
2.*
2.0.0
2.1.0
2.1.2
2.2.0
2.2.1
2.3.0
2.4.0
2.5.0
2.6.0
2.6.1
2.7.0
2.7.1
2.7.2
2.8.0
2.8.1
2.8.3
2.9.0
2.9.1
2.10.0
2.10.1
2.10.2
2.11.0
2.11.1
2.11.2
2.11.4
2.12.0
2.13.0
2.13.1
2.13.2
2.13.3
2.13.4
2.13.5
2.13.6
2.13.7
2.13.8
2.14.0
2.15.0
2.17.1
2.18.0
2.19.0
2.19.1
2.19.2
2.19.4
2.19.5
2.20.0
2.20.1
2.20.2
2.21.0
2.21.1
2.21.2
2.21.3
2.22.0
2.22.1
2.22.2
2.23.0
2.24.0
2.24.1
2.25.0
2.25.1
2.25.2
2.25.3
2.26.0
2.27.0
2.28.0
2.30.0
2.30.1
2.31.0
2.32.0
2.33.0
2.34.0
2.35.0
2.36.0
2.37.0
2.38.0
2.39.0
2.40.0
2.41.1
2.41.2
2.42.0
2.42.1
2.42.2
2.43.0
2.44.0
2.45.0
2.45.1
2.45.2
2.50.0
2.51.0
2.51.1
2.51.2
2.52.0
2.53.0
2.54.0
2.55.0
2.55.1
2.55.2
2.56.0
2.57.0
2.58.0
2.58.1
2.58.2
2.58.3
2.59.0
2.60.0
2.60.1
2.61.0
2.62.0
2.62.1
2.62.2
2.62.3
2.62.4
22.*
22.1.4.0
22.1.4.1
22.2.1.0
22.2.1.2
22.2.2.0
22.2.2.1
22.2.4.0
22.2.4.1
22.3.1.0
22.3.3.0
22.3.4.0
22.3.4.1
22.3.4.2
22.3.4.3
22.3.5.0
22.4.2.0
22.4.2.1
22.4.2.2
22.4.3.0
22.4.5.0
22.5.1.0
22.5.1.1
22.5.1.2
22.5.2.0
22.5.4.0
22.6.1.0
22.6.1.1
22.6.1.2
22.6.2.0
22.6.2.1
22.6.2.2
22.7.3.0
22.7.3.1
22.7.3.2
22.7.3.3
22.7.3.4
22.7.4.0
22.7.4.1
22.7.5.0
22.7.5.1
22.8.2.0
22.8.2.1
22.8.3.0
22.8.3.1
22.8.4.0
22.8.4.1
22.8.5.0
22.9.3.0
22.9.3.1
22.9.4.0
22.9.5.1
22.9.5.2
22.9.5.3
22.9.5.4
22.10.2.0
22.10.2.1
22.11.3.0
22.11.3.2
22.11.4.0
22.11.4.1
22.11.4.2
22.11.4.3
22.12.4.0
22.12.4.2
22.12.4.3
23.*
23.1.3.0
23.1.3.1
23.1.3.2
23.1.5.0
23.2.1.0
23.2.2.1
23.2.3.0
23.2.3.1
23.2.4.0
23.2.4.1
23.2.4.2
23.2.4.3
23.3.2.0
23.3.3.0
23.3.3.1
23.3.3.2
23.3.3.3
23.3.3.4
23.3.3.5
23.3.4.0
23.3.5.0
23.4.3.0
23.4.3.1
23.4.3.2
23.4.4.0
23.4.4.1
23.4.4.2
23.4.4.3
23.4.4.4
23.5.3.1
23.5.3.2
23.5.4.1
23.6.1.1
23.6.2.0
23.6.3.0
23.6.3.1
23.6.4.0
23.6.5.0
23.6.5.1
23.7.1.0
23.7.2.0
23.7.3.1
23.7.4.0
23.7.4.1
23.8.1.0
23.8.3.0
23.9.1.0
23.9.1.1
23.9.2.0
23.9.2.1
23.9.3.0
23.9.3.1
23.10.2.0
23.10.3.0
23.10.3.1
23.10.5.0
23.11.1.0
23.11.4.0
23.11.4.1
23.11.4.4a6
23.12.4.0
23.12.4.1
23.12.4.2
24.*
24.1.4.0
24.2.3.0
24.3.4.0
24.3.4.1
24.3.4.2
24.3.5.0
24.4.2.0
24.4.2.1
24.4.3.0
24.5.4.0
24.6.1.0
24.6.1.1
24.6.2.0
24.6.2.2
24.6.3.0
24.6.3.1
24.6.4.1
24.7.1.0
24.7.2.0
24.7.3.0
24.7.4.0
24.7.4.1
24.7.5.0
24.8.1.0
24.8.1.1
24.8.2.0
24.8.3.0
24.8.4.0
24.9.1.0
24.9.2.0
24.9.2.1
24.9.3.0
24.9.3.1
24.9.3.2
24.9.4.0
24.9.4.1
24.10.1.0
24.10.2.0
24.10.3.0
24.10.4.0
24.10.4.1
24.10.4.2
24.10.5.0
24.11.1.0
24.11.1.1
24.11.2.0
24.11.3.0
24.11.4.0
24.11.4.1
24.11.4.2
24.12.1.0
24.12.2.0
24.12.2.1
24.12.2.2
24.12.3.0
24.12.4.0
25.*
25.1.2.0
25.1.2.1
25.1.3.0
25.1.4.0
25.1.5.0
25.1.5.1
25.1.5.2
25.1.5.3
25.2.1.0
25.2.1.2
25.2.2.0
25.2.2.2
25.2.3.0
25.2.4.0
25.3.1.0
25.3.2.0
25.3.3.0
25.3.4.0
25.3.4.1
25.3.4.2
25.4.1.0
25.4.2.0
25.4.2.1
25.4.3.0
25.4.3.1
25.4.3.2
25.4.4.0
25.4.5.0
25.5.3.0
25.5.4.0
25.5.4.1
25.5.4.2
25.6.2.0
25.6.3.0
25.6.3.1
25.6.4.0
25.7.1.0
25.7.2.0
25.7.3.0
25.7.4.0
25.8.2.0
25.8.3.0
25.9.1.0
25.9.1.1
25.9.1.2
25.9.2.0a1
25.9.3rc1
25.10.0rc1
25.10.0
25.10.1
25.11.0rc1
25.11.0rc2
25.11.0
25.11.1
25.12.0rc1
25.12.0
25.13.0rc1
25.13.0rc2
25.13.0
25.13.1
25.14.0rc1
25.14.0
25.14.1
26.*
26.0.0rc1
26.0.0rc2
26.0.0rc3
26.0.0
26.0.1

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/mindsdb/PYSEC-2026-2648.yaml"