CVE-2026-11481
yoanbernabeu grepai Postgres Embedding Cache chunker.go PostgresStore.LookupByContentHash weak hash
CVSS Score
2.5
EPSS Score
0.0%
EPSS Percentile
1th
A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres Embedding Cache. Executing a manipulation of the argument content_hash can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.
| CWE | CWE-328 CWE-327 |
| Vendor | yoanbernabeu |
| Product | grepai |
| Published | Jun 8, 2026 |
| Last Updated | Jun 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for yoanbernabeu grepai
Be the first to know when new low vulnerabilities affecting yoanbernabeu grepai are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
yoanbernabeu / grepai
0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 0.10 0.11 0.12 0.13 0.14 0.15 0.16 0.17 0.18 0.19 0.20 0.21 0.22 0.23 0.24 0.25 0.26 0.27 0.28 0.29 0.30 0.31 0.32 0.33 0.34 0.35.0
References
vuldb.com: https://vuldb.com/vuln/369101 vuldb.com: https://vuldb.com/vuln/369101/cti vuldb.com: https://vuldb.com/cve/CVE-2026-11481 vuldb.com: https://vuldb.com/submit/833997 github.com: https://github.com/yoanbernabeu/grepai/issues/249 github.com: https://github.com/yoanbernabeu/grepai/pull/250 github.com: https://github.com/yoanbernabeu/grepai/
Credits
๐ Dem000 (VulDB User) VulDB CNA Team