Critical Alert 4 Active Exploits Detected Today

CVE-2026-48908 JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability →
CVE-2026-55255 Langflow Authorization Bypass Through User-Controlled Key Vulnerability →
CVE-2026-56290 Joomlack Page Builder Improper Access Control Vulnerability →
CVE-2026-48282 Adobe ColdFusion Path Traversal Vulnerability →
Powered by CVE Watchtower
×

CVE Watchtower


← Back to CVE List

CVE-2026-58473NVD

Vulnerability Summary

Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and calling the settings endpoint, which performs no admin or superuser check. Attackers can redirect all LLM operations instance-wide to an attacker-controlled endpoint by exploiting the process-wide singleton configuration cache, enabling exfiltration of prompts, uploaded documents, extracted entities, and knowledge graph content from all users.
Severity Level
CRITICAL(9.1)
Published Date
Jul 7, 2026
Last Modified
Jul 7, 2026
Exploitation Status
No confirmed exploitation yet
EPSS Score (30-Day)
Data Pending
Root Weakness (CWE)
N/A
CVSS v3.1 Base Metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityNone