Submit #806822: mindsdb <=26.01 Remote Code Execution info

Title: mindsdb <=26.01 Remote Code Execution
Description: MindsDB's BYOM (Bring Your Own Model) feature allows users to upload custom Python model code via HTTP API. Key Issues:
- Uploaded code is directly executed via exec() when creating the engine
- No need to pre-create files on the server
- No authentication required (default configuration)
- RCE can be achieved through a single HTTP PUT request
Source: ⚠️ https://github.com/nn0nkey/JD-Security-SHENYI-Team/blob/main/MindsDB_BYOM_RCE.md
User: JD Security SHENYI Team (UID 97436)
Submission: 17/04/2026 06:33 (2 months ago)
Moderation: 03/05/2026 09:43 (16 days later)
Status: Accepted
VulDB Entry: 360887 [MindsDB up to 26.01 Engine proc_wrapper.py exec privilege escalation]
Points: 19
