CVE-2026-13508
khoj-ai khoj Conversation Sharing api_chat.py authorization
CVSS Score
5.5
EPSS Score
0.0%
EPSS Percentile
0th
A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/api_chat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.
| CWE | CWE-863 CWE-285 |
| Vendor | khoj-ai |
| Product | khoj |
| Published | Jun 28, 2026 |
Stay Ahead of the Next One
Get instant alerts for khoj-ai khoj
Be the first to know when new medium vulnerabilities affecting khoj-ai khoj are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
khoj-ai / khoj
2.0.0-beta.0 2.0.0-beta.1 2.0.0-beta.2 2.0.0-beta.3 2.0.0-beta.4 2.0.0-beta.5 2.0.0-beta.6 2.0.0-beta.7 2.0.0-beta.8 2.0.0-beta.9 2.0.0-beta.10 2.0.0-beta.11 2.0.0-beta.12 2.0.0-beta.13 2.0.0-beta.14 2.0.0-beta.15 2.0.0-beta.16 2.0.0-beta.17 2.0.0-beta.18 2.0.0-beta.19 2.0.0-beta.20 2.0.0-beta.21 2.0.0-beta.22 2.0.0-beta.23 2.0.0-beta.24 2.0.0-beta.25 2.0.0-beta.26 2.0.0-beta.27 2.0.0-beta.28
References
vuldb.com: https://vuldb.com/vuln/374516 vuldb.com: https://vuldb.com/vuln/374516/cti vuldb.com: https://vuldb.com/cve/CVE-2026-13508 vuldb.com: https://vuldb.com/submit/838812 github.com: https://github.com/khoj-ai/khoj/issues/1327 github.com: https://github.com/khoj-ai/khoj/pull/1328 github.com: https://github.com/khoj-ai/khoj/
Credits
๐ Dem000000 (VulDB User) VulDB CNA Team