Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-27483 PoC — MindsDB 路径遍历漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2026/CVE-2026-27483.yaml
Associated Vulnerability
Title:MindsDB 路径遍历漏洞 (CVE-2026-27483)
Description:MindsDB是MindsDB公司的一个专为AI代理和大语言模型设计的联合查询引擎,可以回答pb级企业数据的问题。 MindsDB 25.9.1.1之前版本存在路径遍历漏洞,该漏洞源于/api/files接口存在路径遍历,可能导致经过身份验证的攻击者通过上传文件实现远程命令执行。
Description
MindsDB < 25.9.1.1 contains a remote code execution caused by path traversal in the /api/files upload file module, letting authenticated attackers write arbitrary files and execute commands, exploit requires authentication.
File Snapshot

 id: CVE-2026-27483

info:
  name: MindsDB - Remote Code Execution
  author: thewhiteh4t
  severity: 

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.