CVE-2026-8335
Severity: HIGH
Aix-DB <= 1.2.4 - Missing Authentication on LLM SQL Query Endpoint
Title source: manual
Description
A missing authentication check on the Aix-DB "/llm/process_llm_out" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, because the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are considered vulnerable. The status of later releases is unknown, as the vulnerability has not been addressed by any patch.
References (2)
Product: https://github.com/apconw/Aix-DB
Third Party Advisory: https://cert.pl/posts/2026/06/CVE-2026-8335
Scores
CVSS v4: 7.1
EPSS: 0.0019
EPSS Percentile: 9.3%
Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-306
Status: published
Products (1): Aix-DB/Aix-DB < 1.2.4
Published: Jun 10, 2026
Tracked Since: Jun 10, 2026