CVE-2026-13508

EUVD-2026-40005
A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/api_chat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://github.com/khoj-ai/khoj/
https://github.com/khoj-ai/khoj/issues/1327
https://github.com/khoj-ai/khoj/pull/1328
https://vuldb.com/cve/CVE-2026-13508
https://vuldb.com/submit/838812
https://vuldb.com/vuln/374516
https://vuldb.com/vuln/374516/cti