QSearchQSearch

CVE-2026-8335

A missing authentication check on the Aix‑DB "/llm/process_llm_out" endpoint allows unauthenticated clients to execute arbitrary "SELECT"...

Published: 2026-06-10 · Last updated: 2026-06-10

Severity and scoring

CWE
CWE-306

Description

A missing authentication check on the Aix‑DB "/llm/process_llm_out" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are considered vulnerable. Status of next releases is unknown as the vulnerability has not been addressed by any patch.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-46612 Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (8.8 HIGH)
  • CVE-2026-20253 In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthen... (9.8 CRITICAL)
  • CVE-2026-45567 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers (8.3 HIGH)
  • CVE-2026-9045 During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise... (7.8 HIGH)
  • CVE-2026-53469 A flaw was found in migration-planner (9.1 CRITICAL)