CVE 5.1 MEDIUM

khoj-ai khoj Conversation Sharing api_chat.py authorization_CVE-2026-13508

5.1 / 10
MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/api_chat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.

Basic Information

ID CVE-2026-13508
Source VulDB
Published Jun 28, 2026 at 21:45

Affected Product

Vendor khoj-ai
Product khoj
Version 2.0.0-beta.0
Affected Versions khoj-ai khoj 2.0.0-beta.0
khoj-ai khoj 2.0.0-beta.1
khoj-ai khoj 2.0.0-beta.2
khoj-ai khoj 2.0.0-beta.3
khoj-ai khoj 2.0.0-beta.4
khoj-ai khoj 2.0.0-beta.5
khoj-ai khoj 2.0.0-beta.6
khoj-ai khoj 2.0.0-beta.7
khoj-ai khoj 2.0.0-beta.8
khoj-ai khoj 2.0.0-beta.9
khoj-ai khoj 2.0.0-beta.10
khoj-ai khoj 2.0.0-beta.11
khoj-ai khoj 2.0.0-beta.12
khoj-ai khoj 2.0.0-beta.13
khoj-ai khoj 2.0.0-beta.14
khoj-ai khoj 2.0.0-beta.15
khoj-ai khoj 2.0.0-beta.16
khoj-ai khoj 2.0.0-beta.17
khoj-ai khoj 2.0.0-beta.18
khoj-ai khoj 2.0.0-beta.19
khoj-ai khoj 2.0.0-beta.20
khoj-ai khoj 2.0.0-beta.21
khoj-ai khoj 2.0.0-beta.22
khoj-ai khoj 2.0.0-beta.23
khoj-ai khoj 2.0.0-beta.24
khoj-ai khoj 2.0.0-beta.25
khoj-ai khoj 2.0.0-beta.26
khoj-ai khoj 2.0.0-beta.27
khoj-ai khoj 2.0.0-beta.28

CWE Classification

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.