CVE-2026-13513

Sažetak

A security flaw has been discovered in MyScale MyScaleDB up to 1.8.0. This vulnerability affects the function SegmentId::getCacheKey in the library src/VectorIndex/Common/SegmentId.h. The manipulation results in insufficient verification of data authenticity. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is stated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance.

Reference

https://github.com/myscale/MyScaleDB/
https://github.com/myscale/MyScaleDB/issues/54
https://github.com/myscale/MyScaleDB/pull/55
https://vuldb.com/cve/CVE-2026-13513
https://vuldb.com/submit/838878
https://vuldb.com/vuln/374521
https://vuldb.com/vuln/374521/cti

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:H/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-06-2026 - 00:16

Objavljeno

29-06-2026 - 00:16