AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2024-45846: An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the

highvulnerability

security

Source: NVD/CVE DatabaseSeptember 12, 2024CVE-2024-45846

Summary

MindsDB versions 23.10.3.0 through 24.7.4.1 have a vulnerability that allows arbitrary code execution (running unauthorized commands on a server) when the Weaviate integration is installed. An attacker can exploit this by crafting a malicious SQL SELECT WHERE clause containing Python code, which gets executed through an eval function (a function that interprets and runs code as if it were written in the program).

Vulnerability Details

CVSS Score

8.8(high)

EPSS (30-day exploit probability)

EPSS: 0.4%

Classification

Attack SophisticationModerate

Impact (CIA+S)

integrityconfidentialityavailability

Taxonomy References

CWE (Weakness Type)

CWE-95 CWE-94

CAPEC (Attack Pattern)

CAPEC-242

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-45846

First tracked: February 15, 2026 at 08:48 PM

Classified by LLM (prompt v3) · confidence: 85%