PatchSiren cyber security CVE debrief
CVE-2026-8335 Aix-DB CVE debrief
CVE-2026-8335 is a high-severity vulnerability in Aix-DB, a product from an unknown vendor. The /llm/process_llm_out endpoint is missing an authentication check, which allows unauthenticated clients to execute arbitrary SELECT SQL queries and retrieve database data. All releases up to 1.2.4 are considered vulnerable; the status of later releases is unknown, as the vulnerability has not been addressed by any patch.
- Vendor: Aix-DB
- Product: Unknown
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-10
Who should care
Security teams and administrators responsible for Aix-DB installations should be aware of this vulnerability and take necessary precautions to mitigate the risk.
Technical summary
The vulnerability has a CVSS score of 7.1 and is classified as HIGH severity. The CVSS vector is CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. The weakness associated with this vulnerability is CWE-306.
Defensive priority
High
Recommended defensive actions
- Review and restrict access to the /llm/process_llm_out endpoint
- Implement authentication and authorization mechanisms for the endpoint
- Monitor for suspicious activity and potential exploitation attempts
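One way to act on the monitoring item, as an added example that is not part of the original advisory or the Aix-DB code base: a log review that flags calls to /llm/process_llm_out from clients outside an allow-list and records whether the endpoint answered them. It assumes a reverse proxy in front of Aix-DB writes combined-format access logs; the allow-listed networks, function names and sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import unquote

ENDPOINT = "/llm/process_llm_out"  # endpoint named in the advisory

# Assumption: networks that legitimately call the endpoint (placeholders).
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "127.0.0.0/8")]

# Assumption: a reverse proxy in front of Aix-DB writes combined-format logs.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize_path(target):
    """Drop the query, decode, collapse slashes and case so variants match."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).rstrip("/").lower()

def is_allowed(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable client address: treat as untrusted
    return any(addr in net for net in ALLOWED_NETS)

def find_suspect_requests(lines):
    """Return (hits, per-client counts) for endpoint calls from outside the allow-list."""
    hits, per_client = [], Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or normalize_path(m["target"]) != ENDPOINT or is_allowed(m["ip"]):
            continue
        # A 2xx status means the endpoint answered the untrusted caller.
        outcome = "served" if m["status"].startswith("2") else "rejected"
        hits.append((m["ts"], m["ip"], m["status"], outcome))
        per_client[m["ip"]] += 1
    return hits, per_client

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '10.20.0.15 - - [10/Jun/2026:16:02:11 +0000] "POST /llm/process_llm_out HTTP/1.1" 200 512 "-" "app"',
    '192.168.77.40 - - [10/Jun/2026:16:05:43 +0000] "POST /llm/process_llm_out HTTP/1.1" 200 20480 "-" "cli"',
    '192.168.77.40 - - [10/Jun/2026:16:05:44 +0000] "POST /llm//process_llm_out/?t=1 HTTP/1.1" 200 18211 "-" "cli"',
    '192.168.77.41 - - [10/Jun/2026:16:07:02 +0000] "POST /LLM/process%5Fllm_out HTTP/1.1" 403 153 "-" "cli"',
    '192.168.77.40 - - [10/Jun/2026:16:08:00 +0000] "GET /health HTTP/1.1" 200 2 "-" "cli"',
]
```

A "served" hit is the case to investigate first, since it shows the endpoint returned a response to a client that should not have reached it.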
Evidence notes
The vulnerability was published on June 10, 2026, and last modified on June 10, 2026. The CVE record can be found at [cve-org]. More information is available at [nvd].
Official resources
CVE-2026-8335 was publicly disclosed on 2026-06-10T15:16:42.803Z.