CVE-2026-11481
LowCVSS 2.5Summary
A vulnerability was identified in the PostgresStore.LookupByContentHash function in versions up to 0.35.0 of the Postgres Embedding Cache component. Manipulating the content_hash argument can lead to the use of weak hash.
Risk Assessment
The attack requires local access and is complex, but the public disclosure of the vulnerability increases the risk of exploitation by third parties.
Recommendation
It is recommended to update to the latest version of the software once the fix is accepted to minimize the risk associated with this vulnerability.
Original NVD description (English source)
A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres Embedding Cache. Executing a manipulation of the argument content_hash can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.

