Skip to main content

grepai CVE-2026-11481

| EUVDEUVD-2026-35012 LOW
Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
2026-06-08 cna@vuldb.com GHSA-q76h-p6jh-9rw3
1.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.1 LOW
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 08, 2026 - 03:31 vuln.today
Analysis Generated
Jun 08, 2026 - 03:31 vuln.today

DescriptionCVE.org

A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres Embedding Cache. Executing a manipulation of the argument content_hash can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.

AnalysisAI

Cross-project embedding cache leakage in grepai (versions up to 0.35.0) allows a local low-privileged authenticated user to retrieve cached PostgreSQL embedding vectors belonging to other projects by supplying a known or predicted content_hash value to the LookupByContentHash function. The underlying flaw is a missing project_id scope in the SQL query, meaning any project's embedding vectors can be retrieved by any other authenticated caller who can supply a matching hash. No public exploitation has been confirmed via CISA KEV, but proof-of-concept exploit code has been publicly disclosed per VulDB and GitHub issue #249, and a fix PR (#250) is pending acceptance.

Technical ContextAI

grepai is an AI-assisted code search tool that uses PostgreSQL to cache text embedding vectors for indexed code chunks. The vulnerable component is PostgresStore.LookupByContentHash in store/postgres.go. The original SQL query was: SELECT vector FROM chunks WHERE content_hash = $1 AND vector IS NOT NULL LIMIT 1 - with no project_id filter. In a shared multi-project deployment, this means the content_hash alone acts as the only lookup key, creating an implicit authorization boundary based solely on hash value possession. CWE-327 (Use of a Broken or Risky Cryptographic Algorithm) is assigned by the reporter, characterizing the misuse of a hash as an authorization token without adequate scoping - if an attacker can supply or predict a valid content_hash from another project, they bypass the intended project isolation. The PR diff confirms the root cause: the fix adds project_id = $1 as the first filter parameter, scoping all vector lookups to the calling project's own data.

RemediationAI

A fix is available as upstream PR #250 (https://github.com/yoanbernabeu/grepai/pull/250) but has not yet been accepted or released as a tagged version - an exact patched release version is not independently confirmed at time of analysis. The PR modifies the SQL query to scope lookups by both project_id and content_hash, preventing cross-project cache reads. Until the fix is merged and a patched release is available, operators running multi-project deployments can mitigate by isolating each project's data using PostgreSQL row-level security (RLS) policies on the chunks table, restricting each database role to only its own project_id rows; this requires PostgreSQL 9.5+ and additional DBA configuration effort. Alternatively, running a separate PostgreSQL instance or schema per grepai project achieves full isolation with no RLS overhead, at the cost of increased infrastructure complexity. Single-project deployments are not exposed to cross-tenant leakage and require no immediate action.

CVE-2025-1094 HIGH POC
8.1 Feb 13

PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() improperl

CVE-2024-55964 CRITICAL POC
9.8 Mar 26

An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl

CVE-2013-1899 MEDIUM POC
6.5 Apr 04

Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows re

CVE-2026-20253 CRITICAL POC
9.8 Jun 10

Unauthenticated arbitrary file write in Splunk Enterprise (below 10.2.4 and 10.0.7) and Splunk Cloud Platform (below 10.

CVE-2017-7546 CRITICAL
9.8 Aug 16

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allow

CVE-2015-1352 MEDIUM POC
5.0 Mar 30

The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate t

CVE-2024-10553 CRITICAL POC
9.8 Mar 20

A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitra

CVE-2019-9193 HIGH POC
7.2 Apr 01

In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_serve

CVE-2026-40887 CRITICAL POC
9.1 Apr 14

## Summary An unauthenticated SQL injection vulnerability exists in the Vendure Shop API. A user-controlled query strin

CVE-2022-24760 CRITICAL POC
10.0 Mar 12

Parse Server is an open source http web server backend. Rated critical severity (CVSS 10.0), this vulnerability is remot

CVE-2025-56157 CRITICAL POC
9.8 Dec 18

Hard-coded default PostgreSQL credentials shipped in the docker-compose.yaml of langgenius Dify through version 1.5.1 al

CVE-2024-12909 CRITICAL POC
9.8 Mar 20

A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for

Share

CVE-2026-11481 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy