CVE-2026-11479
yoanbernabeu grepai Qdrant Backend chunker.go weak hash
CVSS Score
4.2
EPSS Score
0.0%
EPSS Percentile
10th
A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature are highly complex. The exploitability is assessed as difficult. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance.
| CWE | CWE-328 CWE-327 |
| Vendor | yoanbernabeu |
| Product | grepai |
| Published | Jun 8, 2026 |
| Last Updated | Jun 9, 2026 |
Stay Ahead of the Next One
Get instant alerts for yoanbernabeu grepai
Be the first to know when new medium vulnerabilities affecting yoanbernabeu grepai are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
yoanbernabeu / grepai
0.35.0
References
vuldb.com: https://vuldb.com/vuln/369099 vuldb.com: https://vuldb.com/vuln/369099/cti vuldb.com: https://vuldb.com/cve/CVE-2026-11479 vuldb.com: https://vuldb.com/submit/833971 github.com: https://github.com/yoanbernabeu/grepai/issues/247 github.com: https://github.com/yoanbernabeu/grepai/pull/248 github.com: https://github.com/yoanbernabeu/grepai/
Credits
๐ Dem000 (VulDB User) VulDB CNA Team