CVE-2026-7711 | MindsDB up to 26.01 Engine proc_wrapper.py exec unrestricted upload

Inserito da Angelo Barbosa | Mag 3, 2026 | CVE

A vulnerability categorized as critical has been discovered in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byom_handler/proc_wrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload.

This vulnerability is handled as CVE-2026-7711. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-7711 | MindsDB up to 26.01 Engine proc_wrapper.py exec unrestricted upload

Post correlati

CVE-2026-40244 | AcademySoftwareFoundation OpenEXR up to 3.2.7/3.3.9/3.4.9 EXR File internal_dwa_compressor.h integer overflow (GHSA-j526-66f6-fxhx)

CVE-2024-6942 | ThinkSAAS 3.7.0 Admin Panel Security Center anti.php ip/email/phone cross site scripting (Issue 37)

CVE-2026-3124 | wpchill Download Monitor Plugin up to 5.1.7 on WordPress executePayment authorization

CVE-2024-28135 | Phoenix Contact CHARX SEC-3150 up to 1.5.1 API injection (VDE-2024-019)