إرسال #806822: mindsdb <=26.01 Remote Code Executionالمعلومات

عنوانmindsdb <=26.01 Remote Code Execution
الوصفMindsDB's BYOM (Bring Your Own Model) feature allows users to upload custom Python model code via HTTP API. Key Issues: Uploaded code is directly executed via exec() when creating the engine No need to pre-create files on the server No authentication required (default configuration) RCE can be achieved through a single HTTP PUT request
المصدر⚠️ https://github.com/nn0nkey/JD-Security-SHENYI-Team/blob/main/MindsDB_BYOM_RCE.md
المستخدم
 JD Security SHENYI Team (UID 97436)
ارسال17/04/2026 06:33 AM (2 أشهر منذ)
الاعتدال03/05/2026 09:43 AM (16 days later)
الحالةتمت الموافقة
إدخال VulDB360887 [MindsDB حتى 26.01 Engine proc_wrapper.py exec تجاوز الصلاحيات]
النقاط19

التالي نظرة عامة السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!