PatchSiren cyber security CVE debrief
CVE-2026-11481 yoanbernabeu CVE debrief
A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres Embedding Cache. Executing a manipulation of the argument content_hash can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high level of complexity. The exploitability is described as difficult.
- Vendor
- yoanbernabeu
- Product
- grepai
- CVSS
- LOW 1.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-08
Who should care
Users of yoanbernabeu grepai up to 0.35.0
Technical summary
The vulnerability is in the PostgresStore.LookupByContentHash function in indexer/chunker.go, allowing for weak hash usage via manipulation of the content_hash argument.
Defensive priority
LOW
Recommended defensive actions
- Update to version beyond 0.35.0 if available
- Review and apply patches as they become available
Evidence notes
The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.
Official resources
Publicly disclosed