top of page
perceptive_background_267k.jpg

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byom_handler/proc_wrapper.py of …

Published:

3 mei 2026 om 22:00:00

Alert date:

4 mei 2026 om 01:01:02

Source:

nvd.nist.gov

Click to open the original link from this advisory

Database & Storage, Web Technologies

A critical vulnerability has been identified in MindsDB up to version 26.01 affecting the exec function in the BYOM handler component. The flaw allows for unrestricted file uploads and can be exploited remotely. Public exploits are available making this vulnerability particularly dangerous. The vulnerability is located in the proc_wrapper.py file of the Engine Handler component. The vendor was notified but has not responded to the disclosure.

Technical details

Mitigation steps:

Affected products:

MindsDB

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-7711
https://github.com/nn0nkey/JD-Security-SHENYI-Team/blob/main/MindsDB_BYOM_RCE.md
https://vuldb.com/submit/806822
https://vuldb.com/vuln/360887
https://vuldb.com/vuln/360887/cti

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page