CVE-2026-7711: MindsDB has an Improper Access Control Issue

May 4, 2026 (updated May 8, 2026)

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byom_handler/proc_wrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

References

github.com/advisories/GHSA-9f6m-65v9-x9g2
github.com/mindsdb/mindsdb
github.com/nn0nkey/JD-Security-SHENYI-Team/blob/main/MindsDB_BYOM_RCE.md
nvd.nist.gov/vuln/detail/CVE-2026-7711
vuldb.com/submit/806822
vuldb.com/vuln/360887
vuldb.com/vuln/360887/cti

Code Behaviors & Features

Detect and mitigate CVE-2026-7711 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →