Soumettre #806822: mindsdb <=26.01 Remote Code Executioninformation

Titremindsdb <=26.01 Remote Code Execution
DescriptionMindsDB's BYOM (Bring Your Own Model) feature allows users to upload custom Python model code via HTTP API. Key Issues: Uploaded code is directly executed via exec() when creating the engine No need to pre-create files on the server No authentication required (default configuration) RCE can be achieved through a single HTTP PUT request
La source⚠️ https://github.com/nn0nkey/JD-Security-SHENYI-Team/blob/main/MindsDB_BYOM_RCE.md
Utilisateur
 JD Security SHENYI Team (UID 97436)
Soumission17/04/2026 06:33 (il y a 2 mois)
Modérer03/05/2026 09:43 (16 days later)
StatutAccepté
Entrée VulDB360887 [MindsDB jusqu’à 26.01 Engine proc_wrapper.py exec élévation de privilèges]
Points19

PrécédentAperçuSuivant

Do you want to use VulDB in your project?

Use the official API to access entries easily!