GHSA-q76h-p6jh-9rw3LowCVSS 2.5
A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the...
🔗 CVE IDs covered (1)
📋 Description
A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres Embedding Cache. Executing a manipulation of the argument content_hash can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.
🔗 References (9)
- https://nvd.nist.gov/vuln/detail/CVE-2026-11481
- https://github.com/yoanbernabeu/grepai/issues/249
- https://github.com/yoanbernabeu/grepai/pull/250
- https://github.com/yoanbernabeu/grepai
- https://vuldb.com/cve/CVE-2026-11481
- https://vuldb.com/submit/833997
- https://vuldb.com/vuln/369101
- https://vuldb.com/vuln/369101/cti
- https://github.com/advisories/GHSA-q76h-p6jh-9rw3