CVE-2026-13508
Deferred Deferred - Pending Action

Authorization Bypass in khoj AI Chat API

Vulnerability report for CVE-2026-13508, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-28

Last updated on: 2026-06-29

Assigner: VulDB

Description

A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/api_chat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-28
Last Modified
2026-06-29
Generated
2026-07-19
AI Q&A
2026-06-29
EPSS Evaluated
2026-07-17
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
khoj-ai khoj to 2.0.0-beta.28 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a flaw in the khoj-ai khoj software up to version 2.0.0-beta.28, specifically in the Conversation Sharing Handler component located in the file src/khoj/routers/api_chat.py. The issue arises from manipulation of the argument conversation.agent, which leads to incorrect authorization. This means that an attacker could potentially exploit this flaw remotely to bypass authorization controls.

The exploit for this vulnerability has been published and is available for use, although a fix has been proposed and is awaiting acceptance.

Detection Guidance

This vulnerability involves incorrect authorization related to conversation agents in the Khoj AI application, specifically when shared conversations are forked and private agent references are retained without proper access checks.

Detection would involve monitoring or inspecting conversation sharing and forking activities to identify if private or protected agent references are being improperly retained or accessed by unauthorized users.

Since the issue is related to application logic rather than network traffic patterns, detection commands would likely involve reviewing application logs or database entries related to conversation agents and their authorization states.

No specific detection commands or network signatures are provided in the available resources.

Impact Analysis

This vulnerability can impact you by allowing a remote attacker to manipulate authorization checks within the khoj-ai khoj application. This could lead to unauthorized access or actions within the system, potentially exposing sensitive information or allowing unintended operations.

Compliance Impact

The vulnerability in khoj-ai khoj allows unauthorized access to private conversation agents by retaining private agent references when conversations are shared or forked. This incorrect authorization could lead to exposure of sensitive user data or configurations across user boundaries.

Such unauthorized access and potential data exposure may impact compliance with data protection regulations like GDPR and HIPAA, which require strict controls on personal and sensitive data access and sharing.

However, the provided information does not explicitly state the direct compliance impact or any regulatory assessments.

Mitigation Strategies

Immediate mitigation involves preventing unauthorized access to private conversation agents when sharing or forking conversations.

A fix has been developed in pull request #1328 which re-authorizes conversation agents before chat execution, prompt construction, and chat-model selection, ensuring private agents are not improperly shared or inherited.

Until the fix is accepted and deployed, administrators should restrict or monitor sharing and forking of conversations that involve private agents to avoid unauthorized access.

Review user permissions and access controls around conversation agents and consider disabling or limiting conversation sharing features temporarily if possible.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-13508. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart