CVE-2026-27483 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: February 24, 2026
MindsDB - Remote Code Execution
Overview
MindsDB < 25.9.1.1 contains a remote code execution caused by path traversal in the /api/files upload file module, letting authenticated attackers write arbitrary files and execute commands, exploit requires authentication.
Severity & Score
Impact
Authenticated attackers can execute arbitrary commands remotely by writing files to arbitrary paths on the server.
Mitigation
Upgrade to version 25.9.1.1 or later.
References
Social Media Activity(2 posts)
š CVE-2026-27483 - High (8.8) MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.9.1.1, there is a path traversal vulnerability in Mindsdb's /api/files interface, which an authenticated attacker can exploit to achieve remote co... š https://www.thehackerwire.com/vulnerability/CVE-2026-27483/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-27483 - High (8.8) MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.9.1.1, there is a path traversal vulnerability in Mindsdb's /api/files interface, which an authenticated attacker can exploit to achieve remote co... š https://www.thehackerwire.com/vulnerability/CVE-2026-27483/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-27483
- Severity
- High
- CVSS Score
- 8.8
- Type
- path_traversal
- Status
- unconfirmed
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-22
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H