Vulnerabilities ›

CVE-2026-7712

Medium

CWE-20 — Weakness Type

                    Published: May 4, 2026                      ·  Modified: May 6, 2026                      ·  Source: NVD                

CVSS v3

6.3

🔗 NVD Official

📄 Description (English)

A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

🤖 AI Executive Summary

CVE-2026-7712 is a deserialization vulnerability in MindsDB up to version 26.01 affecting the Pickle Handler component, allowing remote code execution through malicious pickle objects. The vulnerability has public exploits available and the vendor has not responded to disclosure attempts.

📄 Description (Arabic)

تؤثر هذه الثغرة على معالج Pickle في MindsDB حتى الإصدار 26.01 وتسمح بإلغاء تسلسل الكائنات الضارة. يمكن استغلال الثغرة عن بعد دون مصادقة، مما يؤدي إلى تنفيذ أوامر تعسفية على الخادم. تم الكشف عن الاستغلال علناً والبائع لم يستجب للإفصاح.

🤖 ملخص تنفيذي (AI)

This vulnerability in MindsDB's pickle deserialization functionality can be exploited remotely to execute arbitrary code on affected systems. Organizations using MindsDB for data processing and AI operations should immediately patch to versions beyond 26.01.

🤖 AI Intelligence Analysis Analyzed: May 18, 2026 03:33

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking telecom energy government healthcare

🎯 MITRE ATT&CK Techniques

T1190 T1203 T1059

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Immediately upgrade MindsDB to version 26.02 or later. Implement network segmentation to restrict access to MindsDB instances. Disable pickle-based serialization if alternative serialization methods are available. Monitor for suspicious pickle deserialization activities in logs.

🔧 خطوات المعالجة (العربية)

قم بترقية MindsDB فوراً إلى الإصدار 26.02 أو أحدث. طبق تقسيم الشبكة لتقييد الوصول إلى مثيلات MindsDB. عطّل التسلسل القائم على pickle إن أمكن. راقب أنشطة إلغاء التسلسل المريبة في السجلات.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.13.1.1 A.14.2.1 A.12.6.1

🔵 SAMA CSF

ID.RA-1 PR.IP-12 DE.CM-1

🟡 ISO 27001:2022

27001:A.12.6.1 27001:A.14.2.1 27001:A.13.1.1

🔗 References & Sources 4

🔗

https://github.com/nn0nkey/JD-Security-SHENYI-Team/blob/main/MindsDB_Pickle_RCE.md

cna@vuldb.com

🔗

https://vuldb.com/submit/806827

cna@vuldb.com

🔗

https://vuldb.com/vuln/360888

cna@vuldb.com

🔗

https://vuldb.com/vuln/360888/cti

cna@vuldb.com

📊 CVSS Score

6.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score6.3

CWECWE-20

EPSS0.05%

Exploit No

Patch ✗ No

Published 2026-05-04

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-20

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-7712

Introduce Yourself

Sign In Required