{"document":{"category":"csaf_vex","csaf_version":"2.0","title":"CVE-2026-8335: Missing authentication in Aix-DB","publisher":{"category":"vendor","name":"HarborGuard Database","namespace":"https://database.harborguard.co"},"tracking":{"id":"CVE-2026-8335","status":"final","version":"1","initial_release_date":"2026-06-10T14:31:10.402Z","current_release_date":"2026-06-10T16:05:36.144Z","revision_history":[{"date":"2026-06-10T14:31:10.402Z","number":"1","summary":"Initial machine-readable export from HarborGuard."}]},"distribution":{"tlp":{"label":"WHITE"},"text":"Public CVE data; freely redistributable."},"notes":[{"category":"description","text":"A missing authentication check on the Aix-DB \"/llm/process_llm_out\" endpoint allows unauthenticated clients to execute arbitrary \"SELECT\" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints.\nAll releases up to 1.2.4 are considered vulnerable. The status of later releases is unknown, as the vulnerability has not been addressed by any patch.","title":"CVE description"}],"references":[{"category":"self","summary":"CVE-2026-8335 on HarborGuard Database","url":"https://database.harborguard.co/cve/CVE-2026-8335"},{"category":"external","summary":"CVE Record","url":"https://www.cve.org/CVERecord?id=CVE-2026-8335"},{"category":"external","summary":"github.com","url":"https://github.com/apconw/Aix-DB"},{"category":"external","summary":"cert.pl","url":"https://cert.pl/posts/2026/06/CVE-2026-8335"}]},"product_tree":{"branches":[{"category":"vendor","name":"Aix-DB","branches":[{"category":"product_name","name":"Aix-DB","branches":[{"category":"product_version_range","name":"<=1.2.4","product":{"name":"Aix-DB Aix-DB <=1.2.4","product_id":"CSAFPID-1","product_identification_helper":{"cpe":"cpe:2.3:a:aix-db:aix-db:*:*:*:*:*:*:*:*"}}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-8335","title":"Missing authentication in Aix-DB","notes":[{"category":"description","text":"A missing authentication check on the Aix-DB \"/llm/process_llm_out\" endpoint allows unauthenticated clients to execute arbitrary \"SELECT\" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints.\nAll releases up to 1.2.4 are considered vulnerable. The status of later releases is unknown, as the vulnerability has not been addressed by any patch.","title":"CVE description"}],"product_status":{"known_affected":["CSAFPID-1"]},"scores":[{"cvss_v4":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N","baseScore":7.1,"baseSeverity":"HIGH"},"products":["CSAFPID-1"]}],"remediations":[{"category":"none_available","details":"No fixed version is published yet. Monitor the upstream advisory.","product_ids":["CSAFPID-1"]}]}]}