Description
Cognita is a RAG (Retrieval Augmented Generation) framework by TrueFoundry for building modular, open-source applications for production. An insecure CORS configuration in the Cognita backend server allows arbitrary websites to send cross-site requests to the application. This vulnerability is fixed in commit 75079c3d3cf376381489b9a82ee46c69024e1a15.
References (3)
Various Sources (x_refsource_confirm): https://securitylab.github.com/advisories/GHSL-2024-193_GHSL-2024-194_Cognita/
Issue Tracking (x_refsource_misc): https://github.com/truefoundry/cognita/pull/424
Scores
CVSS v4: 6.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N)
EPSS: 0.0024
EPSS Percentile: 47.6%
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-79
Status: published
Products (1): truefoundry/cognita, versions < 75079c3d3cf376381489b9a82ee46c69024e1a15
Published: Mar 07, 2025
Tracked Since: Feb 18, 2026