CVE-2024-45848: An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the
Summary
MindsDB versions 23.12.4.0 through 24.7.4.1 contain an arbitrary code execution vulnerability (the ability to run unwanted commands on a server) when the ChromaDB integration is installed. An attacker can craft a malicious 'INSERT' query containing Python code that gets executed on the server because the code is passed to an eval function (a function that runs text as if it were code).
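The eval pattern described above next to a literal-only parser, as an added example; it is not MindsDB or ChromaDB code. All function names are hypothetical, the embedding and metadata values are constructed, and the idea that string column values from an 'INSERT' row reach the parser is an assumption. A harmless call expression stands in for attacker-supplied code.

```python
import ast

# Constructed sample values, as they might arrive as strings in an INSERT row.
BENIGN_EMBEDDING = "[0.12, -0.5, 0.33]"
BENIGN_METADATA = "{'source': 'faq', 'page': 3}"
# Harmless stand-in for injected code: a call expression, not a literal.
CALL_EXPRESSION = "record_call('ran')"

calls = []

def record_call(tag):
    """Side effect that shows code ran while the value was being parsed."""
    calls.append(tag)
    return [0.0]

def parse_unsafe(text):
    """Vulnerable pattern: eval() executes any expression in the string."""
    return eval(text)

def parse_literal(text, expected_type):
    """Hardened pattern: accept Python literals only, then check the type."""
    try:
        value = ast.literal_eval(text)
    except (ValueError, SyntaxError, MemoryError, RecursionError):
        raise ValueError("value is not a plain literal") from None
    if not isinstance(value, expected_type):
        raise ValueError(f"expected {expected_type.__name__}")
    return value

def parse_embedding(text):
    """Parse a vector column value: a list of numbers and nothing else."""
    vec = parse_literal(text, list)
    if not all(isinstance(x, (int, float)) and not isinstance(x, bool) for x in vec):
        raise ValueError("embedding must be a list of numbers")
    return [float(x) for x in vec]

def demo():
    """Return (calls made by the eval path, calls made by the literal path)."""
    calls.clear()
    parse_unsafe(CALL_EXPRESSION)          # the call inside the string runs
    unsafe_calls = list(calls)
    calls.clear()
    try:
        parse_embedding(CALL_EXPRESSION)   # rejected before anything runs
    except ValueError:
        pass
    return unsafe_calls, list(calls)
```
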
Vulnerability Details
8.8 (high)
EPSS: 0.4%
Classification
Affected Vendors
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2026-26190: Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus expose
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-45848
First tracked: February 15, 2026 at 08:48 PM
Classified by LLM (prompt v3) · confidence: 92%