CVE-2026-8335
Description
Aix-DB's /llm/process_llm_out endpoint lacks authentication, allowing unauthenticated SQL SELECT queries and data retrieval.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A missing authentication check on the Aix‑DB "/llm/process_llm_out" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to and including 1.2.4 are considered vulnerable [2].
Exploitation
An unauthenticated attacker can exploit this vulnerability by sending requests to the "/llm/process_llm_out" endpoint. No specific privileges or user interaction are required, as the endpoint is accessible without authentication and directly processes SQL queries [2].
Impact
Successful exploitation allows an unauthenticated attacker to execute arbitrary "SELECT" SQL queries against the database. This can lead to the disclosure of sensitive database information [2].
Mitigation
All releases up to and including 1.2.4 are vulnerable. No patch addressing the vulnerability has been released, so the status of subsequent releases is unknown [2].
AI Insight generated on Jun 10, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
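With no patch available, reviewing proxy logs for callers of the endpoint is one check a defender can run. The following is an added example, not code from Aix-DB or from this page's sources; it assumes a reverse proxy writing combined-format access logs, and `TRUSTED_NETS`, the sample lines and the HTTP method in them are constructed.

```python
import ipaddress
import re
from collections import defaultdict

ENDPOINT = "/llm/process_llm_out"  # path named in the advisory
# Assumption: networks of the expected callers; replace with your own.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Combined log format: ip ident user [time] "METHOD path PROTO" status bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def is_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable client field: treat as untrusted
    return any(addr in net for net in TRUSTED_NETS)

def find_exposure(lines):
    """Per untrusted client that requested ENDPOINT: total hits, 2xx hits,
    and bytes returned in 2xx responses (a rough size of data disclosed)."""
    report = defaultdict(lambda: {"hits": 0, "ok": 0, "bytes": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0].rstrip("/")  # drop query, slash
        if path != ENDPOINT or is_trusted(m["ip"]):
            continue
        entry = report[m["ip"]]
        entry["hits"] += 1
        if m["status"].startswith("2"):
            entry["ok"] += 1
            entry["bytes"] += int(m["size"]) if m["size"] != "-" else 0
    return dict(report)

# Constructed sample lines (documentation addresses, assumed POST method).
SAMPLE = [
    '10.1.2.3 - - [01/Jan/2026:09:00:01 +0000] "POST /llm/process_llm_out HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2026:09:02:11 +0000] "POST /llm/process_llm_out HTTP/1.1" 200 48213',
    '203.0.113.7 - - [01/Jan/2026:09:02:15 +0000] "POST /llm/process_llm_out?x=1 HTTP/1.1" 200 1000',
    '198.51.100.9 - - [01/Jan/2026:09:03:00 +0000] "POST /llm/process_llm_out/ HTTP/1.1" 403 -',
    '203.0.113.7 - - [01/Jan/2026:09:04:00 +0000] "GET /login HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, stats in find_exposure(SAMPLE).items():
        print(ip, stats)
```

Clients with a non-zero `ok` count reached the endpoint successfully from outside the trusted ranges and warrant review of what was returned.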
Affected products (2)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (1)
News mentions (0)
No linked articles in our index yet.