CVE-2026-11481 LOW

CVE-2026-11481: yoanbernabeu grepai Postgres Embedding Cache chunker.go PostgresStore.LookupByContentHash weak hash

Vendor Yoanbernabeu
Product grepai
Weakness CWE-328 · Weak hash
Published June 8, 2026
Last update June 8, 2026

CVSS base score

2.0/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres Embedding Cache. Executing a manipulation of the argument content_hash can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.

Key dates

02Disclosure timeline

June 8, 2026 CVE published
June 8, 2026 Record updated