CVE Catalog

CVE-2026-11481

LowCVSS 2.5
Published: Updated: Translated: NVD NIST

Summary

A vulnerability was identified in the PostgresStore.LookupByContentHash function in versions up to 0.35.0 of the Postgres Embedding Cache component. Manipulating the content_hash argument can lead to the use of weak hash.

Risk Assessment

The attack requires local access and is complex, but the public disclosure of the vulnerability increases the risk of exploitation by third parties.

Recommendation

It is recommended to update to the latest version of the software once the fix is accepted to minimize the risk associated with this vulnerability.

Original NVD description (English source)

A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres Embedding Cache. Executing a manipulation of the argument content_hash can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS