← volver
CVE-2026-11481

yoanbernabeu grepai Postgres Embedding Cache chunker.go PostgresStore.LookupByContentHash weak hash

CVSS 2 LOWEPSS 0.1%CWE-327CWE-328
A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres Embedding Cache. Executing a manipulation of the argument content_hash can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Productos afectados
yoanbernabeu · grepai
PoCs públicas encontradas1
cve_referencegithub.com/yoanbernabeu/grepai/issues/249no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/yoanbernabeu/grepai/https://github.com/yoanbernabeu/grepai/issues/249https://github.com/yoanbernabeu/grepai/pull/250https://vuldb.com/cve/CVE-2026-11481https://vuldb.com/submit/833997https://vuldb.com/vuln/369101https://vuldb.com/vuln/369101/cti