Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and calling the settings endpoint, which performs no admin or superuser check. Attackers can redirect all LLM operations instance-wide to an attacker-controlled endpoint by exploiting the process-wide singleton configuration cache, enabling exfiltration of prompts, uploaded documents, extracted entities, and knowledge graph content from all users.
CVE-2026-58473
Score 9.1 from GitHub Security Advisory (severity: CRITICAL) published 2026-07-07. a secondary CVSS source baseline 9.1; sources differ by 0.0.
- High severity, but no confirmed exploitation yet
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- 9.1
- EG Score
- 9.1(high)
- EPSS
- 29.3%
- KEV
- Not listed
Published
July 7, 2026
Last Modified
July 9, 2026
Advisory Details (4)
Auto-updated Jul 7, 2026Cognee < 1.2.0 Unauthorized LLM Configuration Overwrite via /api/v1/settings | Advisories | VulnCheck
https://www.vulncheck.com/advisories/cognee-unauthorized-llm-configuration-overwrite-via-api-v1-settingsv1.2.0
Patch available: topoteretes/cognee v1.2.0
https://github.com/topoteretes/cognee/releases/tag/v1.2.0[Bug]: Unrestricted Self-Registration + Global Configuration Takeover in Cognee · Issue #3084 · topoteretes/cognee · GitHub
https://github.com/topoteretes/cognee/issues/3084commit d10b1b77e215 (topoteretes/cognee)
Patch available: topoteretes/cognee v1.2.0 (contains commit d10b1b77e215)
https://github.com/topoteretes/cognee/commit/d10b1b77e2157c6238fd4d1acb1923a048991699Vendor Advisories for CVE-2026-58473(1)
These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.
Weakness Classification(2)
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Data Freshness Timeline
(refreshed 86× in last 7d / 86× in last 30d)
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
- 2026-07-14 07:32 UTCEG score recompute
- 2026-07-14 07:32 UTCGHSA enrichment
- 2026-07-14 03:21 UTCEG score recompute
- 2026-07-14 03:21 UTCGHSA enrichment
- 2026-07-13 23:12 UTCEG score recompute
- 2026-07-13 23:12 UTCGHSA enrichment
- 2026-07-13 22:31 UTCEPSS rescore
- 2026-07-13 19:02 UTCEG score recompute
- 2026-07-13 19:02 UTCGHSA enrichment
- 2026-07-13 14:53 UTCEG score recompute
- 2026-07-13 14:53 UTCGHSA enrichment
- 2026-07-13 10:43 UTCEG score recompute
- 2026-07-13 10:43 UTCGHSA enrichment
- 2026-07-13 06:33 UTCEG score recompute
- 2026-07-13 06:32 UTCGHSA enrichment
- 2026-07-13 06:13 UTCEPSS rescore
- 2026-07-13 06:13 UTCEPSS rescore
- 2026-07-13 02:21 UTCEG score recompute
- 2026-07-13 02:21 UTCGHSA enrichment
- 2026-07-12 22:12 UTCEG score recompute
- 2026-07-12 22:12 UTCGHSA enrichment
- 2026-07-12 18:02 UTCEG score recompute
- 2026-07-12 18:02 UTCGHSA enrichment
- 2026-07-12 13:51 UTCEG score recompute
- 2026-07-12 13:51 UTCGHSA enrichment
Show 61 moreShow fewer
- 2026-07-12 09:38 UTCEG score recompute
- 2026-07-12 09:38 UTCGHSA enrichment
- 2026-07-12 05:46 UTCEPSS rescore
- 2026-07-12 05:28 UTCEG score recompute
- 2026-07-12 05:27 UTCGHSA enrichment
- 2026-07-12 01:17 UTCEG score recompute
- 2026-07-12 01:17 UTCGHSA enrichment
- 2026-07-11 21:07 UTCEG score recompute
- 2026-07-11 21:07 UTCGHSA enrichment
- 2026-07-11 16:58 UTCEG score recompute
- 2026-07-11 16:58 UTCGHSA enrichment
- 2026-07-11 12:48 UTCEG score recompute
- 2026-07-11 12:48 UTCGHSA enrichment
- 2026-07-11 08:38 UTCEG score recompute
- 2026-07-11 08:38 UTCGHSA enrichment
- 2026-07-11 08:27 UTCEPSS rescore
- 2026-07-11 08:27 UTCEPSS rescore
- 2026-07-11 04:28 UTCEG score recompute
- 2026-07-11 04:28 UTCGHSA enrichment
- 2026-07-11 00:18 UTCEG score recompute
- 2026-07-11 00:18 UTCGHSA enrichment
- 2026-07-10 20:09 UTCEG score recompute
- 2026-07-10 20:08 UTCGHSA enrichment
- 2026-07-10 15:57 UTCEG score recompute
- 2026-07-10 15:57 UTCGHSA enrichment
- 2026-07-10 11:48 UTCEG score recompute
- 2026-07-10 11:47 UTCGHSA enrichment
- 2026-07-10 07:36 UTCEG score recompute
- 2026-07-10 07:36 UTCGHSA enrichment
- 2026-07-10 03:24 UTCEG score recompute
- 2026-07-10 03:24 UTCGHSA enrichment
- 2026-07-09 23:15 UTCEG score recompute
- 2026-07-09 23:15 UTCGHSA enrichment
- 2026-07-09 19:10 UTCEPSS rescore
- 2026-07-09 19:10 UTCEPSS rescore
- 2026-07-09 19:05 UTCEG score recompute
- 2026-07-09 19:05 UTCGHSA enrichment
- 2026-07-09 14:51 UTCEG score recompute
- 2026-07-09 14:51 UTCGHSA enrichment
- 2026-07-09 10:41 UTCEG score recompute
- 2026-07-09 10:40 UTCGHSA enrichment
- 2026-07-09 06:27 UTCEG score recompute
- 2026-07-09 06:27 UTCGHSA enrichment
- 2026-07-09 02:17 UTCEG score recompute
- 2026-07-09 02:17 UTCGHSA enrichment
- 2026-07-08 22:05 UTCEG score recompute
- 2026-07-08 22:05 UTCGHSA enrichment
- 2026-07-08 17:53 UTCEG score recompute
- 2026-07-08 17:53 UTCGHSA enrichment
- 2026-07-08 15:16 UTCEPSS rescore
- 2026-07-08 15:16 UTCEPSS rescore
- 2026-07-08 13:44 UTCEG score recompute
- 2026-07-08 13:44 UTCGHSA enrichment
- 2026-07-08 09:33 UTCEG score recompute
- 2026-07-08 09:32 UTCGHSA enrichment
- 2026-07-08 05:23 UTCEG score recompute
- 2026-07-08 05:22 UTCGHSA enrichment
- 2026-07-08 01:12 UTCEG score recompute
- 2026-07-08 01:12 UTCGHSA enrichment
- 2026-07-07 21:03 UTCEG score recompute
- 2026-07-07 21:01 UTCMITRE cvelistV5first tracked
Related CVEs(same CWE)
Same CWE
10 shownCWE-306 · CWE-862
- CVE-2011-10013EG 10.0CRITICAL
- CVE-2014-125124EG 10.0CRITICAL
- CVE-2017-2637EG 10.0EPSS 91%CRITICAL
- CVE-2010-5326EG 10.0 KEVEPSS 97%CRITICAL
- CVE-2013-3960EG 9.9CRITICAL
- CVE-2012-10030EG 9.8CRITICAL
- CVE-2015-10143EG 9.8CRITICAL
- CVE-2016-11036EG 9.8CRITICAL
- CVE-2014-3449EG 9.8CRITICAL
- CVE-2006-0062EG 9.8CRITICAL
Frequently asked(5)
What is CVE-2026-58473?
When was CVE-2026-58473 disclosed?
Is CVE-2026-58473 actively exploited?
What is the CVSS score of CVE-2026-58473?
How do I remediate CVE-2026-58473?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2026-58473
Is Your Infrastructure Affected by CVE-2026-58473?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.