CVE-2026-58473
topoteretes · cognee
Cognee contains an improper access control vulnerability allowing unauthenticated attackers to overwrite global LLM provider settings via the API, enabling wide-scale data exfiltration.
Executive summary
An unauthenticated access control vulnerability in topoteretes cognee allows attackers to hijack global LLM configurations, posing a critical risk of widespread data exfiltration.
Vulnerability
This vulnerability involves a missing authorization and authentication check on the settings endpoint, allowing unauthenticated attackers to overwrite the system's global LLM provider configuration. By manipulating the process-wide singleton configuration cache, an attacker can redirect all LLM operations to a malicious endpoint to capture sensitive data.
Business impact
The ability for an unauthenticated user to intercept and redirect LLM traffic poses a catastrophic risk to data confidentiality and integrity. With a CVSS score of 9.1, this vulnerability allows for the exfiltration of prompts, proprietary documents, and knowledge graph content, potentially leading to severe reputational damage and the compromise of sensitive organizational intelligence.
Remediation
Immediate Action: Upgrade to topoteretes cognee version 1.2.0 or later, which includes the necessary authorization checks on the settings endpoint.
Proactive Monitoring: Monitor API traffic for unusual requests to the settings endpoint and audit LLM provider configuration changes for unauthorized modifications.
Compensating Controls: Implement strict network-level access controls to restrict access to the API and utilize a Web Application Firewall (WAF) to block unauthorized requests to administrative or settings-related endpoints.
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability represents a critical security failure in the application's core configuration management. Administrators must prioritize updating to version 1.2.0 immediately to prevent potential unauthorized access to sensitive LLM data streams.