MindsDB CVE-2026-7711
MEDIUMSeverity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byom_handler/proc_wrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
MindsDB versions up to 26.01 allow remote unauthenticated attackers to bypass authentication and perform unrestricted file uploads via manipulation of the exec function in the BYOM (Bring Your Own Model) handler's proc_wrapper.py component. Publicly available exploit code exists, and the vendor has not responded to early disclosure, leaving deployed instances vulnerable to remote code execution through malicious model uploads.
Technical ContextAI
MindsDB's BYOM (Bring Your Own Model) handler is a component within the Engine Handler that enables integration of custom machine learning models. The vulnerability exists in the exec function of mindsdb/integrations/handlers/byom_handler/proc_wrapper.py, which processes requests to execute or upload models. The root cause is classified as CWE-284 (Improper Access Control), indicating insufficient authentication or authorization checks in the file upload mechanism. This allows attackers to bypass authentication protections designed to restrict who can upload models to the MindsDB instance, effectively treating file uploads as unrestricted.
Affected ProductsAI
MindsDB versions up to and including 26.01 are affected. The vulnerability resides in the BYOM handler component (mindsdb/integrations/handlers/byom_handler/proc_wrapper.py). No specific minimum affected version is documented in available references, suggesting the vulnerability may affect earlier versions as well. Users should treat all MindsDB installations using the BYOM handler up to version 26.01 as potentially vulnerable.
RemediationAI
Upgrade MindsDB to a version newer than 26.01 if a patched release becomes available; however, as of the time of analysis, the vendor has not released a patch or acknowledged the vulnerability. Immediate compensating controls are critical: (1) Restrict network access to MindsDB instances by implementing firewall rules to allow BYOM handler access only from trusted internal networks or specific IP addresses, reducing AV:N to a practical AV:L; (2) Disable the BYOM handler entirely if custom model uploads are not required-this eliminates the attack surface; (3) Implement strict file upload validation at the network level using a Web Application Firewall (WAF) to reject suspicious model upload requests, though this may require model format signatures; (4) Monitor and log all file upload attempts to the BYOM handler and alert on uploads from unauthenticated sources. These controls add operational complexity and may limit legitimate use of custom models, so their application should be risk-weighted against business requirements. Actively monitor MindsDB release notes and security advisories for patches; if the vendor remains unresponsive, consider migrating to alternative solutions without known authentication bypass vulnerabilities.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today