Weaviate
Authorization bypass in Weaviate's Static API Key Handler (versions 1.37.0-1.37.7) stems from the validateConfig function failing to reject duplicate API keys mapped to distinct users, which makes key-to-user resolution ambiguous. An authenticated low-privilege attacker holding a duplicated key can authenticate to Weaviate and be resolved as an unintended user identity, bypassing user-level authorization controls. Publicly available exploit code exists (GitHub issue #11392), though the CVSS 4.0 score of 1.3 reflects high attack complexity and the authenticated, misconfiguration-dependent nature of the attack - no public exploitation or CISA KEV listing has been identified at time of analysis.
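The check the advisory describes as missing, as an added Go example that is not Weaviate's own code: a config validator that refuses one key bound to two different users, next to a naive resolver that shows why the omission matters. The StaticKeyConfig type, its field names and the sample keys are assumptions constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
)

// StaticKeyConfig mirrors the shape of a static API key configuration:
// key i authenticates as user i. Field names are assumptions for this
// example, not Weaviate's own types.
type StaticKeyConfig struct {
	AllowedKeys []string
	Users       []string
}

// ValidateConfig rejects the configuration the vulnerable handler accepted:
// the same key listed for two different users, which leaves key-to-user
// resolution ambiguous.
func ValidateConfig(cfg StaticKeyConfig) error {
	if len(cfg.AllowedKeys) != len(cfg.Users) {
		return errors.New("allowed keys and users must have the same length")
	}
	seen := map[string]string{} // key -> user already bound to it
	for i, key := range cfg.AllowedKeys {
		if key == "" {
			return fmt.Errorf("api key at index %d is empty", i)
		}
		if prev, dup := seen[key]; dup && prev != cfg.Users[i] {
			return fmt.Errorf("api key at index %d is already mapped to user %q; refusing ambiguous mapping", i, prev)
		}
		seen[key] = cfg.Users[i]
	}
	return nil
}

// ResolveUser shows the failure mode: building a lookup map from a list
// with duplicates silently lets the last entry win, so a presented key
// resolves to whichever user was listed last rather than being rejected.
func ResolveUser(cfg StaticKeyConfig, presented string) (string, bool) {
	byKey := map[string]string{}
	for i, key := range cfg.AllowedKeys {
		byKey[key] = cfg.Users[i]
	}
	user, ok := byKey[presented]
	return user, ok
}

func main() {
	// Constructed sample: one key listed for two different users.
	bad := StaticKeyConfig{AllowedKeys: []string{"k1", "k1"}, Users: []string{"alice", "admin"}}
	fmt.Println(ValidateConfig(bad))
	fmt.Println(ResolveUser(bad, "k1"))
}
```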