CVE-2026-2531

CVSS v2.0

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions MindsDB versions up to 25.14.1

Description A security issue exists in MindsDB related to server-side request forgery. This occurs through manipulation of the

clear filename

function within the

mindsdb/utilities/security.py

file, specifically in the File Upload component. The issue is exploitable remotely and has been publicly disclosed.

Recommendations Apply the patch with identifier 74d6f0fd4b630218519a700fbee1c05c7fd4b1ed to resolve this issue.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

CVE-2026-2531

Mindsdb