CVE•Published 2026-06-08•Modified 2026-06-08•0 articles on news•5 live references•NVD data

CVE-2026-11481

Vulnerability data via NVD (ingested)

CVSS v3.1

2.5

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS percentile

—

Weaknesses (CWE)

CWE-327Use of a Broken or Risky Cryptographic Algorithm CWE-328Use of Weak Hash

Description

A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres Embedding Cache. Executing a manipulation of the argument content_hash can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.

Timeline

Published 2026-06-08

Modified 2026-06-08

External references

NVD MITRE Exploit-DB Sploitus VulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts

vuln:CVE-2026-11481

Hosts Shodan has explicitly fingerprinted as vulnerable.

More intel sources (5)

Shodan report

vuln:CVE-2026-11481

Country / ASN / product breakdown for the vuln query.

Censys

vulnerabilities.cve_id: CVE-2026-11481

Censys host search filtered to this CVE id.

grep.app

CVE-2026-11481