Skip to main content

Cognee EUVDEUVD-2026-42095

| CVE-2026-58473 CRITICAL
Missing Authorization (CWE-862)
2026-07-07 VulnCheck GHSA-49f7-whx5-4256
9.3
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
10.0 CRITICAL

Unauthenticated network access via self-registration justifies PR:N/AV:N/AC:L; overwriting a shared singolo config to hijack all users' data is a scope change (S:C) with high C and I but no availability impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 07, 2026 - 21:27 vuln.today

DescriptionCVE.org

Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and calling the settings endpoint, which performs no admin or superuser check. Attackers can redirect all LLM operations instance-wide to an attacker-controlled endpoint by exploiting the process-wide singleton configuration cache, enabling exfiltration of prompts, uploaded documents, extracted entities, and knowledge graph content from all users.

AnalysisAI

Instance-wide LLM configuration hijacking in Cognee before 1.2.0 lets any remote attacker self-register a normal account and overwrite the global LLM provider settings through the /api/v1/settings endpoint, which performs no admin or superuser authorization check. Because the configuration is held in a process-wide singleton cache, a single call redirects every user's LLM operations to an attacker-controlled endpoint, exfiltrating prompts, uploaded documents, extracted entities, and knowledge-graph content. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach exposed Cognee API
Delivery
Self-register normal account
Exploit
POST to /api/v1/settings with attacker LLM endpoint
Execution
Global singleton config overwritten
Persist
All users' LLM traffic redirected
Impact
Exfiltrate prompts, documents, and knowledge graph

Vulnerability AssessmentAI

Exploitation The attacker must be able to reach the Cognee API over the network and create an account via self-registration (the description explicitly says 'self-registering an account'), then call the settings endpoint that performs no admin/superuser check. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment All signals align toward high real-world priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker reaches a publicly exposed Cognee instance, uses the open self-registration flow to create an ordinary account, then calls the settings endpoint to point the global LLM provider base URL at a server they control. From that moment every user's prompts, uploaded documents, and generated knowledge-graph content are routed through the attacker's endpoint and silently captured. …
Remediation Vendor-released patch: upgrade Cognee to v1.2.0 or later (https://github.com/topoteretes/cognee/releases/tag/v1.2.0); the fix is in commit d10b1b77e2157c6238fd4d1acb1923a048991699, which adds the missing admin/superuser authorization check to the settings endpoint. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: (1) Identify all systems running Cognee before version 1.2.0 and assess exploitation risk; (2) upgrade to Cognee v1.2.0 across all instances; (3) review /api/v1/settings endpoint access logs for unauthorized configuration changes. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-42095 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy