
Aix-DB CVE-2026-8335

EUVD-2026-36050 · HIGH
Missing Authentication for Critical Function (CWE-306)
2026-06-10 · CERT-PL · GHSA-x546-prg5-fvp8
7.1 · CVSS 4.0 · NVD

Severity by source

NVD (primary): 7.1 HIGH
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD): as above

Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X (Scope is not a CVSS 4.0 base metric, so it is shown as undefined)

Lifecycle Timeline

Analysis Generated: Jun 10, 2026 - 15:35 (vuln.today)
CVSS changed: Jun 10, 2026 - 15:22 (NVD) - 7.1 (HIGH)

Description (NVD)

A missing authentication check on the Aix-DB "/llm/process_llm_out" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are considered vulnerable. Status of next releases is unknown as the vulnerability has not been addressed by any patch.

Analysis (AI)

Unauthenticated SQL data exfiltration in Aix-DB versions up to and including 1.2.4 allows attackers on adjacent networks to issue arbitrary SELECT queries against the application's database through the /llm/process_llm_out endpoint, which omits the token validation enforced on every other application route. The flaw was disclosed by CERT-PL and currently has no public exploit identified at time of analysis, but the CVSS 4.0 vector (AV:A/AC:L/PR:N/UI:N/VC:H) reflects trivial exploitation once an attacker reaches the deployment network. …


Attack Chain (AI derived)

Hypothetical attack flow derived from CVE metadata

Access: Reach adjacent network segment hosting Aix-DB
Delivery: Identify exposed /llm/process_llm_out endpoint
Exploit: Send unauthenticated POST with crafted SELECT
Execution: Endpoint bypasses token middleware
Persist: Database returns query results
Impact: Iterate to enumerate schema and exfiltrate sensitive rows

Vulnerability Assessment (AI)

Exploitation: The attacker must have network reachability to the Aix-DB HTTP service from an adjacent network position (CVSS AV:A) - typically the same L2 segment, VPN, or routed internal subnet as the deployment, not an arbitrary internet origin. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS 4.0 base score of 7.1 is driven by AV:A (adjacent network) rather than AV:N, meaning the attacker must share a broadcast or routable segment with the Aix-DB host. For many internal deployments this is functionally equivalent to network-reachable, but it does rule out drive-by exploitation from the internet. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker who has gained a foothold on the same adjacent network as an Aix-DB deployment - for example via a compromised workstation, rogue Wi-Fi client, or lateral movement from another internal service - sends a crafted HTTP POST to /llm/process_llm_out carrying a SELECT statement against sensitive tables. Because the endpoint never invokes the token check used by sibling routes, the query executes and the response leaks rows directly to the attacker, who can iteratively enumerate schemas and extract data such as credentials, user records, or LLM prompt history. …

Remediation: No vendor-released patch was identified at time of analysis, so until the apconw/Aix-DB maintainers publish a fix that enforces the standard token middleware on /llm/process_llm_out, operators should apply compensating controls: place Aix-DB behind a reverse proxy or WAF that requires authentication on the /llm/process_llm_out path (trade-off: this breaks any legitimate client that depends on the unauthenticated behaviour); restrict network reachability of the Aix-DB listener to a trusted management segment using host or network firewalls, which neutralises the AV:A vector; and monitor application and database logs for unexpected SELECT activity sourced from the LLM pipeline. … Detailed patch versions, workarounds, and compensating controls in full report.
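The monitoring control above needs something concrete to run against proxy logs. The following is an added example (not code from the Aix-DB project or from vuln.today) that audits JSON access records emitted by a reverse proxy in front of Aix-DB and flags requests that reached /llm/process_llm_out without an Authorization header; the record field names and the sample records are constructed assumptions, not a real Aix-DB log format.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# Endpoint that skips token validation according to the advisory.
VULNERABLE_PATH = "/llm/process_llm_out"

# Constructed sample records (assumed field names; not real Aix-DB logs).
SAMPLE_LOG = """
{"ts": "2026-06-10T15:20:01Z", "client": "10.0.0.5", "method": "POST", "path": "/llm/process_llm_out", "authz": "", "status": 200}
{"ts": "2026-06-10T15:20:02Z", "client": "10.0.0.5", "method": "POST", "path": "/llm/process_llm_out/?x=1", "authz": "", "status": 200}
{"ts": "2026-06-10T15:20:03Z", "client": "10.0.0.9", "method": "POST", "path": "/llm/process_llm_out", "authz": "Bearer <redacted>", "status": 200}
{"ts": "2026-06-10T15:20:04Z", "client": "10.0.0.5", "method": "GET", "path": "/llm/status", "authz": "", "status": 401}
{"ts": "2026-06-10T15:20:05Z", "client": "10.0.0.7", "method": "POST", "path": "/LLM/process_llm_out", "authz": "", "status": 200}
not-json-garbage-line
"""

def normalise_path(raw):
    """Drop the query string and trailing slashes, then lower-case, so that
    variants of the same route are not missed (case-insensitive routing
    upstream is an assumption; being generous here costs only false positives)."""
    path = urlsplit(raw).path.rstrip("/") or "/"
    return path.lower()

def is_unauthenticated_hit(record):
    """True when a request hit the vulnerable route with no Authorization
    value and was not rejected (status below 400 means it reached the app)."""
    return (normalise_path(record.get("path", "")) == VULNERABLE_PATH
            and not record.get("authz")
            and record.get("status", 0) < 400)

def audit(log_text):
    """Return (flagged records, per-client hit counts); malformed lines are
    skipped so one bad record does not abort the whole audit."""
    hits = []
    for line in log_text.strip().splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if is_unauthenticated_hit(rec):
            hits.append(rec)
    return hits, Counter(r["client"] for r in hits)

if __name__ == "__main__":
    flagged, per_client = audit(SAMPLE_LOG)
    for rec in flagged:
        print(f"{rec['ts']} {rec['client']} unauthenticated {rec['method']} {rec['path']}")
    print("hits per client:", dict(per_client))
```

A spike in per-client counts from one adjacent-network address is the iterative schema enumeration the exploit scenario describes; once the proxy enforces authentication on the path, such requests should instead appear with a 401 and drop out of this report.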

Recommended Action (AI)

Within 24 hours: Audit all Aix-DB deployments to identify versions ≤1.2.4; implement network access controls blocking the /llm/process_llm_out endpoint via WAF or network ACLs to deny unauthenticated queries. …
