Nixpkgs security tracker
Dismissed
(not in Nixpkgs)
Permalink
CVE-2026-7711
7.3 HIGH
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
by @LeSuisse Activity log
- Created suggestion
- @LeSuisse dismissed (not in Nixpkgs)
MindsDB Engine proc_wrapper.py exec unrestricted upload
A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byom_handler/proc_wrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
References
-
-
-
Submit #806822 | mindsdb <=26.01 Remote Code Execution third-party-advisory
Affected products
MindsDB
- ==26.01
Matching in nixpkgs
pkgs.python312Packages.mindsdb-evaluator
Model evaluation for Machine Learning pipelines
pkgs.python313Packages.mindsdb-evaluator
Model evaluation for Machine Learning pipelines
pkgs.python314Packages.mindsdb-evaluator
Model evaluation for Machine Learning pipelines
Package maintainers
-
@mbalatsko Maksym Balatsko <mbalatsko@gmail.com>