CVE-2026-2531
MindsDB File Upload security.py clear_filename server-side request forgery
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The name of the patch is 74d6f0fd4b630218519a700fbee1c05c7fd4b1ed. It is best practice to apply a patch to resolve this issue.
| CWE | CWE-918 |
| Vendor | n/a |
| Product | mindsdb |
| Published | Feb 16, 2026 |
| Last Updated | Feb 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a mindsdb
Be the first to know when new medium vulnerabilities affecting n/a mindsdb are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / MindsDB
25.14.0 25.14.1
References
vuldb.com: https://vuldb.com/?id.346119 vuldb.com: https://vuldb.com/?ctiid.346119 vuldb.com: https://vuldb.com/?submit.748219 github.com: https://github.com/mindsdb/mindsdb/issues/12163 github.com: https://github.com/mindsdb/mindsdb/pull/12213 github.com: https://github.com/themavik/mindsdb/commit/74d6f0fd4b630218519a700fbee1c05c7fd4b1ed github.com: https://github.com/mindsdb/mindsdb/
Credits
๐ fushuling (VulDB User)