Cyber Resilience

CVE-2026-2531

MediumPublic PoC

Published: 16 February 2026

Published
16 February 2026
Modified
19 February 2026
KEV Added
Patch
CVSS Score v4 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0008 23.3th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-2531 is a medium-severity SSRF (CWE-918) vulnerability in Mindsdb Mindsdb. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 23.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-4 (Information Flow Enforcement).

Deeper analysis

CVE-2026-2531 is a server-side request forgery (SSRF) vulnerability, classified under CWE-918, affecting MindsDB versions up to 25.14.1. The issue resides in the clear_filename function within the file mindsdb/utilities/security.py, part of the File Upload component. It carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), indicating medium severity with network accessibility, low attack complexity, and requirements for low privileges.

The vulnerability can be exploited remotely by authenticated users with low privileges, enabling SSRF attacks through manipulation of the affected function. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, potentially permitting attackers to forge requests to internal or external resources from the server context.

Advisories recommend applying the patch via commit 74d6f0fd4b630218519a700fbee1c05c7fd4b1ed, available in the MindsDB GitHub repository. Related discussions and the fix are documented in GitHub issue #12163 and pull request #12213.

The exploit has been publicly disclosed, increasing the risk of active exploitation. MindsDB, an open-source platform for integrating AI and machine learning into databases, makes this vulnerability particularly relevant for organizations deploying ML workflows.

EU & UK References

Vulnerability details

A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed from remote.…

more

The exploit has been disclosed publicly and may be used. The name of the patch is 74d6f0fd4b630218519a700fbee1c05c7fd4b1ed. It is best practice to apply a patch to resolve this issue.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

SSRF in public-facing MindsDB web app (file upload component) directly enables remote exploitation of the application by authenticated users to issue forged requests against internal/external resources.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-68472Same product: Mindsdb Mindsdb
CVE-2026-27483Same product: Mindsdb Mindsdb
CVE-2026-6514Shared CWE-918
CVE-2026-44116Shared CWE-918
CVE-2026-21887Shared CWE-918
CVE-2026-31910Shared CWE-918
CVE-2026-48153Shared CWE-918
CVE-2026-45298Shared CWE-918
CVE-2026-39362Shared CWE-918
CVE-2026-31989Shared CWE-918

Affected Assets

mindsdb
mindsdb
≤ 25.14.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces validation and sanitization of filename/URL inputs in the clear_filename function to block SSRF payloads before server-side requests are issued.

prevent

Enforces information flow policies that restrict the server from making arbitrary outbound requests to internal or external resources, limiting SSRF exploitation.

preventdetect

Applies boundary protection mechanisms to monitor and filter unauthorized server-initiated requests that characterize SSRF attacks.

References