Description
Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and calling the settings endpoint, which performs no admin or superuser check. Attackers can redirect all LLM operations instance-wide to an attacker-controlled endpoint by exploiting the process-wide singleton configuration cache, enabling exfiltration of prompts, uploaded documents, extracted entities, and knowledge graph content from all users.
Published: 2026-07-07
Score: 9.3 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Cognee versions prior to 1.2.0 suffer from an improper access control flaw that allows an unauthenticated attacker to overwrite the global LLM provider configuration by first self‑registering and then invoking the /api/v1/settings endpoint, which lacks an admin or superuser check. By redirecting all LLM operations to an attacker‑controlled endpoint, the vulnerable instance can exfiltrate prompts, uploaded documents, extracted entities, and knowledge graph content from every user. The failure to enforce authentication and authorization on this configuration endpoint means that any network participant can manipulate the AI service workflow and compromise data confidentiality.

Affected Systems

Cognee, all releases before 1.2.0. Users of the open‑source project who have not applied the 1.2.0 release or a later patch are affected.

Risk and Exploitability

The vulnerability carries a CVSS score of 9.3 and, even though an EPSS score is not provided, the flaw is trivially exploitable via the public self‑service registration and configuration API. Because the attacker does not need special credentials beyond the ability to register, the likelihood of exploitation is high. The vulnerability is not present in the CISA KEV catalog, but the impact and scope warrant urgent attention.

Generated by OpenCVE AI on July 8, 2026 at 04:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Cognee to version 1.2.0 or later. This includes the fix that enforces proper admin/restricted access on the /api/v1/settings endpoint.
  • Verify that the /api/v1/settings endpoint now requires administrative or superuser authentication before accepting configuration changes. The endpoint should reject all non‑privileged requests.
  • If an immediate upgrade is not possible, block unauthenticated access to /api/v1/settings by configuring firewall, API gateway, or reverse‑proxy rules to restrict the endpoint to authenticated administrators only.

Generated by OpenCVE AI on July 8, 2026 at 04:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Jul 2026 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Topoteretes
Topoteretes cognee
Vendors & Products Topoteretes
Topoteretes cognee

Tue, 07 Jul 2026 21:00:00 +0000

Type Values Removed Values Added
Description Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and calling the settings endpoint, which performs no admin or superuser check. Attackers can redirect all LLM operations instance-wide to an attacker-controlled endpoint by exploiting the process-wide singleton configuration cache, enabling exfiltration of prompts, uploaded documents, extracted entities, and knowledge graph content from all users.
Title Cognee < 1.2.0 Unauthorized LLM Configuration Overwrite via /api/v1/settings
Weaknesses CWE-306
CWE-862
References
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Topoteretes Cognee
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-07-07T20:34:54.943Z

Reserved: 2026-06-30T20:20:33.790Z

Link: CVE-2026-58473

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-08T04:30:05Z

Weaknesses
  • CWE-306

    Missing Authentication for Critical Function

  • CWE-862

    Missing Authorization