CVE-2026-11481

Summary

A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres Embedding Cache. Executing a manipulation of the argument content_hash can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.

Affected Software

VendorProductVersion RangeStatus
yoanbernabeugrepai0.1affected
yoanbernabeugrepai0.2affected
yoanbernabeugrepai0.3affected
yoanbernabeugrepai0.4affected
yoanbernabeugrepai0.5affected
yoanbernabeugrepai0.6affected
yoanbernabeugrepai0.7affected
yoanbernabeugrepai0.8affected
yoanbernabeugrepai0.9affected
yoanbernabeugrepai0.10affected
yoanbernabeugrepai0.11affected
yoanbernabeugrepai0.12affected
yoanbernabeugrepai0.13affected
yoanbernabeugrepai0.14affected
yoanbernabeugrepai0.15affected
yoanbernabeugrepai0.16affected
yoanbernabeugrepai0.17affected
yoanbernabeugrepai0.18affected
yoanbernabeugrepai0.19affected
yoanbernabeugrepai0.20affected
yoanbernabeugrepai0.21affected
yoanbernabeugrepai0.22affected
yoanbernabeugrepai0.23affected
yoanbernabeugrepai0.24affected
yoanbernabeugrepai0.25affected
yoanbernabeugrepai0.26affected
yoanbernabeugrepai0.27affected
yoanbernabeugrepai0.28affected
yoanbernabeugrepai0.29affected
yoanbernabeugrepai0.30affected
yoanbernabeugrepai0.31affected
yoanbernabeugrepai0.32affected
yoanbernabeugrepai0.33affected
yoanbernabeugrepai0.34affected
yoanbernabeugrepai0.35.0affected

Weaknesses

  • CWE-328: Use of Weak Hash
  • CWE-327: Risky Cryptographic Algorithm

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References