CVE-2023-38976: An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLReques
highvulnerability
security
Summary
Weaviate v.1.20.0 contains a vulnerability (CVE-2023-38976) in the handleUnbatchedGraphQLRequest function that allows remote attackers to cause a denial of service (making a service unavailable by overwhelming it with requests). The vulnerability has a CVSS score of 4.0 (a moderate severity rating).
Vulnerability Details
CVSS Score
7.5(high)
EPSS (30-day exploit probability)
EPSS: 7.1%
Classification
Attack Type
DoS
Attack SophisticationTrivial
Impact (CIA+S)
availability
AI Component TargetedRAG
Taxonomy References
CWE (Weakness Type)
Affected Vendors
HuggingFace
Related Issues
highcritical
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
Same vendorNVD/CVE Database
CVE-2026-26190: Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus expose
Same vendor
Original source: https://nvd.nist.gov/vuln/detail/CVE-2023-38976
First tracked: February 15, 2026 at 08:48 PM
Classified by LLM (prompt v3) · confidence: 88%