CVE-2026-2531 | MindsDB up to 25.14.1 File Upload security.py clear_filename server-side request forgery (Issue 12163)

A vulnerability labeled as critical has been found in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery.

This vulnerability is listed as CVE-2026-2531. The attack may be performed from remote. In addition, an exploit is available.

It is best practice to apply a patch to resolve this issue.VulDB Recent EntriesRead More