yoanbernabeu grepai Postgres Embedding Cache chunker.go PostgresStore.LookupByContentHash weak hash

2 / 10

LOW

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres Embedding Cache. Executing a manipulation of the argument content_hash can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.

Basic Information

ID CVE-2026-11481

Source VulDB

Published Jun 8, 2026 at 02:45

Affected Product

Vendor yoanbernabeu

Product grepai

Version 0.1

Affected Versions yoanbernabeu grepai 0.1
yoanbernabeu grepai 0.2
yoanbernabeu grepai 0.3
yoanbernabeu grepai 0.4
yoanbernabeu grepai 0.5
yoanbernabeu grepai 0.6
yoanbernabeu grepai 0.7
yoanbernabeu grepai 0.8
yoanbernabeu grepai 0.9
yoanbernabeu grepai 0.10
yoanbernabeu grepai 0.11
yoanbernabeu grepai 0.12
yoanbernabeu grepai 0.13
yoanbernabeu grepai 0.14
yoanbernabeu grepai 0.15
yoanbernabeu grepai 0.16
yoanbernabeu grepai 0.17
yoanbernabeu grepai 0.18
yoanbernabeu grepai 0.19
yoanbernabeu grepai 0.20
yoanbernabeu grepai 0.21
yoanbernabeu grepai 0.22
yoanbernabeu grepai 0.23
yoanbernabeu grepai 0.24
yoanbernabeu grepai 0.25
yoanbernabeu grepai 0.26
yoanbernabeu grepai 0.27
yoanbernabeu grepai 0.28
yoanbernabeu grepai 0.29
yoanbernabeu grepai 0.30
yoanbernabeu grepai 0.31
yoanbernabeu grepai 0.32
yoanbernabeu grepai 0.33
yoanbernabeu grepai 0.34
yoanbernabeu grepai 0.35.0

CWE Classification

CWE-328 CWE-327

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres Embedding Cache. Executing a manipulation of the argument content_hash can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.",
    "published": "2026-06-08T02:45:11.546Z",
    "modified": "2026-06-08T02:45:11.546Z",
    "type": "cve",
    "title": "yoanbernabeu grepai Postgres Embedding Cache chunker.go PostgresStore.LookupByContentHash weak hash",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/369101\nhttps://vuldb.com/vuln/369101/cti\nhttps://vuldb.com/cve/CVE-2026-11481\nhttps://vuldb.com/submit/833997\nhttps://github.com/yoanbernabeu/grepai/issues/249\nhttps://github.com/yoanbernabeu/grepai/pull/250\nhttps://github.com/yoanbernabeu/grepai/",
    "id": "CVE-2026-11481",
    "bulletinFamily": "",
    "cwe": [
        "CWE-328",
        "CWE-327"
    ],
    "cvelist": null,
    "sourceData": "yoanbernabeu grepai 0.1\nyoanbernabeu grepai 0.2\nyoanbernabeu grepai 0.3\nyoanbernabeu grepai 0.4\nyoanbernabeu grepai 0.5\nyoanbernabeu grepai 0.6\nyoanbernabeu grepai 0.7\nyoanbernabeu grepai 0.8\nyoanbernabeu grepai 0.9\nyoanbernabeu grepai 0.10\nyoanbernabeu grepai 0.11\nyoanbernabeu grepai 0.12\nyoanbernabeu grepai 0.13\nyoanbernabeu grepai 0.14\nyoanbernabeu grepai 0.15\nyoanbernabeu grepai 0.16\nyoanbernabeu grepai 0.17\nyoanbernabeu grepai 0.18\nyoanbernabeu grepai 0.19\nyoanbernabeu grepai 0.20\nyoanbernabeu grepai 0.21\nyoanbernabeu grepai 0.22\nyoanbernabeu grepai 0.23\nyoanbernabeu grepai 0.24\nyoanbernabeu grepai 0.25\nyoanbernabeu grepai 0.26\nyoanbernabeu grepai 0.27\nyoanbernabeu grepai 0.28\nyoanbernabeu grepai 0.29\nyoanbernabeu grepai 0.30\nyoanbernabeu grepai 0.31\nyoanbernabeu grepai 0.32\nyoanbernabeu grepai 0.33\nyoanbernabeu grepai 0.34\nyoanbernabeu grepai 0.35.0",
    "sourceHref": "",
    "cvss": {
        "score": 2,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "grepai",
    "version": "0.1",
    "vendor": "yoanbernabeu",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

yoanbernabeu grepai Postgres Embedding Cache chunker.go PostgresStore.LookupByContentHash weak hash_CVE-2026-11481