Skip to main content

khoj CVE-2026-13508

| EUVDEUVD-2026-40005 LOW
Improper Authorization (CWE-285)
2026-06-28 cna@vuldb.com GHSA-5f46-vq6x-rmc9
2.0
CVSS 4.0 · Vendor: vuldb

Severity by source

Vendor (vuldb) PRIMARY
2.0 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.4 MEDIUM

Network-accessible, low-complexity; authenticated low-privileged user (PR:L) exploits missing authorization check with no victim interaction required; no availability impact observed.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (vuldb).

CVSS VectorVendor: vuldb

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 28, 2026 - 22:31 vuln.today
Analysis Generated
Jun 28, 2026 - 22:31 vuln.today

DescriptionCVE.org

A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/api_chat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.

AnalysisAI

Incorrect authorization in khoj's Conversation Sharing Handler exposes private agent configurations to authenticated low-privileged users in versions up to 2.0.0-beta.28. The conversation.agent parameter is passed through shared conversation copy paths in src/khoj/routers/api_chat.py without verifying the requesting user's permission to access that agent, allowing leakage of private agent personality instructions and system prompts across trust boundaries. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to multi-user khoj instance
Delivery
Obtain shared conversation URL referencing private agent
Exploit
Access shared conversation copy endpoint
Execution
Trigger unguarded create_conversation_from_public_conversation handler
Persist
Private agent assigned without authorization check
Impact
Read leaked agent personality and system prompt instructions

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to be an authenticated, low-privileged user on a multi-user khoj deployment running version 2.0.0-beta.28 or earlier (confirmed by PR:L in the CVSS 4.0 vector - unauthenticated exploitation is not possible). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 2.0 is low, reflecting limited per-axis impact (VC:L/VI:L/VA:L, no subsequent-system impact) and the requirement for authenticated low-privileged access (PR:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated user on a shared khoj deployment obtains a public conversation link for a conversation that a different user created while using a private agent. By accessing that shared conversation URL, the attacker triggers create_conversation_from_public_conversation, which - without the fix - directly assigns the private agent to the new conversation copy without an authorization check. …
Remediation No officially released patched version has been confirmed at time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-13508 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy