CVE-2026-2531: MindsDB affected by a SSRF vulnerability
(updated )
A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
References
- github.com/advisories/GHSA-6xw9-2p64-7622
- github.com/mindsdb/mindsdb
- github.com/mindsdb/mindsdb/issues/12163
- github.com/mindsdb/mindsdb/pull/12213
- github.com/themavik/mindsdb/commit/74d6f0fd4b630218519a700fbee1c05c7fd4b1ed
- nvd.nist.gov/vuln/detail/CVE-2026-2531
- vuldb.com/?ctiid.346119
- vuldb.com/?id.346119
- vuldb.com/?submit.748219
Code Behaviors & Features
Detect and mitigate CVE-2026-2531 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →