PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-10130 FalkorDB CVE debrief

CVE-2026-10130 is an authentication bypass vulnerability in QueryWeaver. The vulnerability allows unauthenticated attackers to obtain valid session tokens for existing accounts by submitting a signup request with a known victim email address. The signup route unconditionally creates and links a new token to the matching Identity via a Cypher MERGE operation before checking whether the email belongs to an existing account, causing the server to return a valid authenticated session token for the victim's identity without requiring any prior credentials or user interaction.

Vendor
FalkorDB
Product
QueryWeaver
CVSS
HIGH 8.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-18
Original CVE updated
2026-07-18
Advisory published
2026-07-18
Advisory updated
2026-07-18

Who should care

Organizations using QueryWeaver should prioritize patching this vulnerability to prevent potential unauthorized access to sensitive information. This authentication bypass vulnerability allows unauthenticated attackers to obtain valid session tokens for existing accounts by submitting a signup request with a known victim email address, potentially impacting operators, platforms, and security teams responsible for vulnerability management.

Technical summary

The QueryWeaver application contains an authentication bypass vulnerability. This vulnerability is triggered when an unauthenticated attacker submits a signup request with a known victim email address. Due to the application's logic in the signup route, it unconditionally creates and links a new token to the matching Identity via a Cypher MERGE operation. This occurs before the application checks whether the email belongs to an existing account. As a result, the server returns a valid authenticated session token for the victim's identity without requiring any prior credentials or user interaction.

Defensive priority

High

Recommended defensive actions

  • Apply patches or updates provided by the vendor to fix the authentication bypass vulnerability.
  • Implement additional monitoring to detect and respond to potential exploitation attempts.
  • Review and update incident response plans to address potential impacts of this vulnerability.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.

Evidence notes

The CVE record was published on 2026-07-18T23:17:00.397Z and has not been modified since then. The NVD entry is currently 8.8 HIGH. Evidence is limited, and defenders should verify the existence of affected QueryWeaver deployments and review official advisories for scope, severity, and vendor guidance.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-18T23:17:00.397Z and has not been modified since then.