CVE-2026-13508 MEDIUM

CVE-2026-13508: khoj-ai khoj Conversation Sharing api_chat.py authorization

Vendor Khoj-Ai
Product khoj
Weakness CWE-863 · Incorrect authorization
Published June 28, 2026
Last update June 29, 2026
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/api_chat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.

Key dates

02Disclosure timeline

June 28, 2026 CVE published
June 29, 2026 Record updated