{"data":{"id":"dbd27ee4-390a-4a31-b4c5-e3a4d0e1a9fa","title":"CVE-2026-11479: A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file ind","summary":"A vulnerability (CVE-2026-11479) was found in grepai version 0.35.0 that involves the use of weak hash functions (a cryptographic method that doesn't adequately scramble data) in the file indexer/chunker.go, which is part of the Qdrant Backend component. The vulnerability is difficult to exploit and requires remote access with user credentials, though the exploit details have been publicly disclosed.","solution":"N/A -- no mitigation discussed in source. The source only mentions that a pull request to fix this issue awaits acceptance, but does not provide details about an available patch, update version, or workaround.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-11479","publishedAt":"2026-06-08T03:16:20.190Z","cveId":"CVE-2026-11479","cweIds":["CWE-327","CWE-328"],"cvssScore":"4.2","cvssSeverity":"medium","severity":"medium","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["yoanbernabeu/grepai"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L","attackVector":"network","attackComplexity":"high","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-08T03:16:20.190Z","capecIds":["CAPEC-20"],"crossRefCount":0,"attackSophistication":"advanced","impactType":["integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.65,"researchCategory":null,"atlasIds":null}}