Cyber Resilience

CVE-2026-7711

Medium

Published: 04 May 2026

Published
04 May 2026
Modified
05 May 2026
KEV Added
Patch
CVSS Score v4 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0005 17.3th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-7711 is a medium-severity Improper Access Control (CWE-284) vulnerability. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 17.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-7711 is a vulnerability in MindsDB versions up to 26.01, affecting the exec function within the file mindsdb/integrations/handlers/byom_handler/proc_wrapper.py in the Engine Handler component. The issue enables unrestricted file uploads through remote manipulation, as identified by CWEs-284 (Improper Access Control) and CWE-434 (Unrestricted Upload of File with Dangerous Type). It carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and lack of prerequisites.

Remote attackers require no privileges or user interaction to exploit this vulnerability, allowing them to perform manipulations that result in unrestricted uploads. Successful exploitation grants low-level impacts on confidentiality, integrity, and availability, with a publicly available exploit detailed in a GitHub repository, potentially enabling further attacks such as remote code execution.

Advisories from VulDB and the referenced GitHub proof-of-concept highlight the issue but note no vendor response despite early disclosure contact. No patches or official mitigations are mentioned, leaving affected systems reliant on workarounds like restricting network access to the Engine Handler or upgrading beyond version 26.01 if available.

The exploit's public availability increases the risk of real-world attacks, particularly in environments using MindsDB for data and ML integrations.

EU & UK References

Vulnerability details

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byom_handler/proc_wrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit…

more

has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1105 Ingress Tool Transfer Command And Control
Adversaries may transfer tools or other files from an external system into a compromised environment.
T1059.006 Python Execution
Adversaries may abuse Python commands and scripts for execution.
Why these techniques?

Unrestricted remote file upload in public-facing MindsDB Engine Handler directly enables T1190 exploitation for initial access; the upload mechanism facilitates T1105 Ingress Tool Transfer of malicious files; exec function in Python proc_wrapper enables T1059.006 arbitrary code execution leading to RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-5573Shared CWE-284, CWE-434
CVE-2025-7880Shared CWE-284, CWE-434
CVE-2025-1834Shared CWE-284, CWE-434
CVE-2026-1107Shared CWE-284, CWE-434
CVE-2025-0722Shared CWE-284, CWE-434
CVE-2025-2687Shared CWE-284, CWE-434
CVE-2026-4221Shared CWE-284, CWE-434
CVE-2024-13133Shared CWE-284, CWE-434
CVE-2026-1424Shared CWE-284, CWE-434
CVE-2025-0460Shared CWE-284, CWE-434

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations for access to the exec function, directly mitigating the improper access control enabling unrestricted remote file uploads.

prevent

Validates inputs to the Engine Handler's exec function, preventing manipulation leading to uploads of dangerous file types.

prevent

Restricts the types and volume of inputs allowed to the vulnerable proc_wrapper.py exec function, blocking unrestricted uploads.

References