PT-2026-8307 · Mindsdb · Mindsdb
Fushuling
·
Published
2026-02-16
·
Updated
2026-02-16
·
CVE-2026-2531
CVSS v3.1
7.3
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
MindsDB versions up to 25.14.1
Description
A security issue exists in MindsDB related to server-side request forgery. This occurs through manipulation of the
clear filename function within the mindsdb/utilities/security.py file, specifically in the File Upload component. The issue is exploitable remotely and has been publicly disclosed.Recommendations
Apply the patch with identifier 74d6f0fd4b630218519a700fbee1c05c7fd4b1ed to resolve this issue.
Exploit
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mindsdb