CVE-2026-7711

Daily digests

MindsDB's BYOM (Bring Your Own Model) engine handler lets a remote attacker upload arbitrary files through the proc_wrapper.py exec function with no restrictions. A public exploit exists, and the vendor has not responded to disclosure. There is no patch available right now.

• Daily Digest · May 4, 2026

  GoBGP crashes, Prefect + MindsDB unpatched exploits