MindsDB CVE-2026-7712
LOWSeverity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Unsafe deserialization in MindsDB pickle.loads function allows authenticated remote attackers to achieve limited information disclosure and integrity compromise via crafted serialized objects. The vulnerability affects MindsDB up to version 26.01, requires valid credentials (PR:L), and has publicly available exploit code; however, the low CVSS score (2.1) and limited scope indicate restricted real-world impact despite network accessibility.
Technical ContextAI
MindsDB's Pickle Handler component improperly deserializes untrusted pickle objects without validation, violating secure deserialization principles. The pickle module in Python is inherently unsafe when processing untrusted data because it can instantiate arbitrary Python objects during deserialization, potentially enabling code execution. The vulnerability is classified as CWE-20 (Improper Input Validation), indicating insufficient validation of pickle data before deserialization. The CVSS vector AV:N/AC:L indicates the attack requires network access and has low complexity; however, the PR:L requirement (low privilege needed) and limited impact scope (VC:L, VI:L, VA:L with SC:N, SI:N, SA:N) suggest the vulnerability grants only partial confidentiality and integrity impact without system-wide scope or availability compromise.
Affected ProductsAI
MindsDB through version 26.01 is affected. The vulnerability impacts the Pickle Handler component (pickle.loads function). Specific CPE entries for MindsDB are not provided in the input data; affected versions can be confirmed via the vendor's GitHub repository or official release notes. The vulnerability applies to all MindsDB installations up to and including version 26.01.
RemediationAI
Upgrade MindsDB to a version released after 26.01 that includes a fix for unsafe pickle deserialization. The vendor has not provided an official patch based on available data; monitor MindsDB's GitHub repository (https://github.com/mindsdb/mindsdb) and official releases for a patched version. As an immediate compensating control, restrict network access to MindsDB services to trusted users and networks only, enforce strong authentication mechanisms to limit PR:L attack surface, and disable or restrict the Pickle Handler component if it is not required for core functionality. If pickle deserialization cannot be avoided, implement sandboxing or implement input validation to reject unknown serialized objects. Note that network segmentation reduces attack vector from AV:N to effective AV:L in many deployments, providing meaningful risk reduction until a patch is deployed.
Same weakness CWE-20 – Improper Input Validation
View allSame technique Deserialization
View allShare
External POC / Exploit Code
Leaving vuln.today