Description
A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature are highly complex. The exploitability is assessed as difficult. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance.
Published: 2026-06-08
Score: 2.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the file indexer/chunker.go of the Qdrant Backend component in grepai. It causes the application to use a weak hash function, which can potentially allow attackers to craft hash collisions or mount preimage attacks. This weak hashing undermines data integrity and could be leveraged if hashes are used for authentication, checksums, or indexing, potentially enabling further exploitation. The semi-remote attack scenario is noted, but the exploit is described as highly complex and difficult to execute.

Affected Systems

The issue affects yoanbernabeu grepai version 0.35.0 specifically when the Qdrant Backend is used for file indexing. No other product versions are listed.

Risk and Exploitability

The CVSS score of 2.3 indicates a low severity level. No EPSS score is available and the vulnerability is not listed in CISA’s KEV catalog. An attacker could theoretically perform a remote exploit, but the described complexity and difficulty make immediate exploitation unlikely. The problem has been disclosed publicly, but a fix is awaiting acceptance in the upstream repository, so current mitigations rely on awaiting a patched release or temporary measures.

Generated by OpenCVE AI on June 8, 2026 at 04:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply an updated grepai release incorporating the merged pull request that resolves the weak hash issue.
  • If no update is available, disable the Qdrant backend or switch to an alternative backend that uses a strong hash algorithm until a patched version is released.
  • Restrict access to the file indexing functionality and monitor for abnormal hash usage or performance anomalies.
  • Subscribe to the grepai project issue tracker or repository to receive notifications when the fix is merged and released.

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 03:15:00 +0000

Values added in this change (the Values Removed column is empty):

Description: A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature are highly complex. The exploitability is assessed as difficult. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance.
Title: yoanbernabeu grepai Qdrant Backend chunker.go weak hash
First Time appeared: Yoanbernabeu; Yoanbernabeu grepai
Weaknesses: CWE-327; CWE-328
CPEs: cpe:2.3:a:yoanbernabeu:grepai:*:*:*:*:*:*:*:*
Vendors & Products: Yoanbernabeu; Yoanbernabeu grepai
References:
Metrics:
  cvssV2_0: {'score': 3.6, 'vector': 'AV:N/AC:H/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR'}
  cvssV3_0: {'score': 4.2, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV3_1: {'score': 4.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV4_0: {'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-08T02:15:09.333Z

Reserved: 2026-06-07T09:45:55.265Z

Link: CVE-2026-11479

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-06-08T03:16:20.190

Modified: 2026-06-08T14:57:14.757

Link: CVE-2026-11479

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-08T06:30:17Z
