All releases up to 1.2.4 are considered vulnerable. Status of next releases is unknown as the vulnerability has not been addressed by any patch.
Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Thu, 11 Jun 2026 10:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Aix-db
Aix-db aix-db |
|
| Vendors & Products |
Aix-db
Aix-db aix-db |
Wed, 10 Jun 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 10 Jun 2026 14:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A missing authentication check on the Aix‑DB "/llm/process_llm_out" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are considered vulnerable. Status of next releases is unknown as the vulnerability has not been addressed by any patch. | |
| Title | Missing authentication in Aix-DB | |
| Weaknesses | CWE-306 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: CERT-PL
Published:
Updated: 2026-06-10T16:05:36.144Z
Reserved: 2026-05-11T15:30:18.104Z
Link: CVE-2026-8335
Updated: 2026-06-10T16:05:32.836Z
Status : Awaiting Analysis
Published: 2026-06-10T15:16:42.803
Modified: 2026-06-10T20:19:35.917
Link: CVE-2026-8335
No data.
OpenCVE Enrichment
Updated: 2026-06-11T10:41:39Z