CVE Catalog

CVE-2026-13513

MediumCVSS 5.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile — higher than 3% of all known CVEs

Summary

A security flaw was discovered in MyScale MyScaleDB up to version 1.8.0 in the SegmentId::getCacheKey function within src/VectorIndex/Common/SegmentId.h. It involves insufficient verification of data authenticity, allowing remote attacks with high complexity. The exploit has been published, and a fix is pending acceptance.

Risk Assessment

The organization is exposed to remote attacks that could compromise data integrity in MyScaleDB. The high attack complexity and public exploit availability increase the risk, especially in production environments.

Recommendation

Immediately apply the available patch once accepted, or temporarily restrict access to MyScaleDB to trusted networks. Monitor the official project repository for updates.

Original NVD description (English source)

A security flaw has been discovered in MyScale MyScaleDB up to 1.8.0. This vulnerability affects the function SegmentId::getCacheKey in the library src/VectorIndex/Common/SegmentId.h. The manipulation results in insufficient verification of data authenticity. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is stated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS