CVE-2026-11479
4.2 MEDIUMA vulnerability has been found in yoanbernabeu grepai 0.35.0
Published: 2026-06-08 · Last updated: 2026-06-08
Severity and scoring
- CVSS
- 4.2 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
- CWE
- CWE-327, CWE-328
Description
A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature are highly complex. The exploitability is assessed as difficult. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-11479
- [Other]https://github.com/yoanbernabeu/grepai/
- [Other]https://github.com/yoanbernabeu/grepai/issues/247
- [Other]https://github.com/yoanbernabeu/grepai/pull/248
- [Other]https://vuldb.com/cve/CVE-2026-11479
- [Other]https://vuldb.com/submit/833971
- [Other]https://vuldb.com/vuln/369099
- [Other]https://vuldb.com/vuln/369099/cti
Related CVEs
Same CWE
- CVE-2025-10237 — During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could... (6.7 MEDIUM)
- CVE-2026-48488 — phpMyFAQ is an open source FAQ web application
- CVE-2026-11481 — A vulnerability was determined in yoanbernabeu grepai up to 0.35.0 (2.5 LOW)
- CVE-2026-46395 — HAX CMS helps manage microsite universe with PHP or NodeJs backends
- CVE-2026-11330 — A weakness has been identified in thedotmack claude-mem up to 11.0.1 (3.6 LOW)