CVE-2026-11481— grepai 加密问题漏洞

yoanbernabeu grepai Postgres Embedding Cache chunker.go PostgresStore.LookupByContentHash weak hash

A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres Embedding Cache. Executing a manipulation of the argument content_hash can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

可逆的单向哈希

grepai 加密问题漏洞

grepai是Yoan Bernabeu个人开发者的一款基于语义搜索的代码理解工具。 grepai 0.35.0版本存在加密问题漏洞，该漏洞源于Postgres嵌入缓存组件中文件indexer/chunker.go的PostgresStore.LookupByContentHash函数对参数content_hash操作不当，可能导致使用弱哈希。攻击者需本地利用，且攻击复杂度高。

N/A

N/A