Detections
Analytics

CVE-2026-13513

low

Description

A security flaw has been discovered in MyScale MyScaleDB up to 1.8.0. This vulnerability affects the function SegmentId::getCacheKey in the library src/VectorIndex/Common/SegmentId.h. The manipulation results in insufficient verification of data authenticity. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is stated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance.

References

https://vuldb.com/vuln/374521/cti

https://vuldb.com/vuln/374521

https://vuldb.com/submit/838878

https://vuldb.com/cve/CVE-2026-13513

https://github.com/myscale/MyScaleDB/pull/55

https://github.com/myscale/MyScaleDB/issues/54

https://github.com/myscale/MyScaleDB/

Details

Source: Mitre, NVD

Published: 2026-06-29

Updated: 2026-06-29

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 5

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Severity: Medium

CVSS v4

Base Score: 2.3

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Low

EPSS

EPSS: 0.00133