Cognee
Monthly
Instance-wide LLM configuration hijacking in Cognee before 1.2.0 lets any remote attacker self-register a normal account and overwrite the global LLM provider settings through the /api/v1/settings endpoint, which performs no admin or superuser authorization check. Because the configuration is held in a process-wide singleton cache, a single call redirects every user's LLM operations to an attacker-controlled endpoint, exfiltrating prompts, uploaded documents, extracted entities, and knowledge-graph content. This is confirmed publicly available exploit code exists (reported by VulnCheck, with a released vendor patch in v1.2.0), and the CVSS 4.0 score is 9.3 (Critical).
Instance-wide LLM configuration hijacking in Cognee before 1.2.0 lets any remote attacker self-register a normal account and overwrite the global LLM provider settings through the /api/v1/settings endpoint, which performs no admin or superuser authorization check. Because the configuration is held in a process-wide singleton cache, a single call redirects every user's LLM operations to an attacker-controlled endpoint, exfiltrating prompts, uploaded documents, extracted entities, and knowledge-graph content. This is confirmed publicly available exploit code exists (reported by VulnCheck, with a released vendor patch in v1.2.0), and the CVSS 4.0 score is 9.3 (Critical).