Impact
Cognee versions prior to 1.2.0 suffer from an improper access control flaw that allows an unauthenticated attacker to overwrite the global LLM provider configuration by first self‑registering and then invoking the /api/v1/settings endpoint, which lacks an admin or superuser check. By redirecting all LLM operations to an attacker‑controlled endpoint, the vulnerable instance can exfiltrate prompts, uploaded documents, extracted entities, and knowledge graph content from every user. The failure to enforce authentication and authorization on this configuration endpoint means that any network participant can manipulate the AI service workflow and compromise data confidentiality.
Affected Systems
Cognee, all releases before 1.2.0. Users of the open‑source project who have not applied the 1.2.0 release or a later patch are affected.
Risk and Exploitability
The vulnerability carries a CVSS score of 9.3 and, even though an EPSS score is not provided, the flaw is trivially exploitable via the public self‑service registration and configuration API. Because the attacker does not need special credentials beyond the ability to register, the likelihood of exploitation is high. The vulnerability is not present in the CISA KEV catalog, but the impact and scope warrant urgent attention.
OpenCVE Enrichment