CVE-2026-13508: Incorrect Authorization in khoj-ai khoj
Description
CVE-2026-13508 is a medium severity vulnerability in khoj-ai khoj up to and including version 2.0.0-beta.28. It is an incorrect authorization flaw: the Conversation Sharing Handler (src/khoj/routers/api_chat.py) bases an authorization decision on the conversation.agent argument, which a remote caller can manipulate. The fix exists only as a pull request that has not yet been accepted, so no released version contains it.
CVSS v4.0
Score: 5.1 (medium)
Affected software
- pkg:github/khoj-ai/khoj
- cpe:2.3:a:khoj-ai:khoj:*:*:*:*:*:*:*:*
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects khoj-ai khoj up to and including version 2.0.0-beta.28. It lies in the Conversation Sharing Handler in src/khoj/routers/api_chat.py: the authorization check in the sharing flow depends on the conversation.agent argument, a value the remote caller controls, so altering that argument changes the outcome of a check that should be decided from server-side state alone. The consequence is an authorization bypass (CWE class: incorrect authorization), not memory corruption or injection. An exploit has been published, but the fix exists only as a pull request that has not been accepted or released, so there is currently no version to upgrade to.
Potential Impact
The vulnerability enables remote attackers to bypass authorization controls by manipulating a specific argument, potentially allowing unauthorized access or actions within the Conversation Sharing Handler. The CVSS 4.0 base score is 5.1 (medium), reflecting a network attack vector with low complexity and limited impact on confidentiality, integrity, and availability.
Mitigation Recommendations
No official fix or patch is available yet; the correction exists only as a pull request awaiting acceptance. Watch the khoj-ai/khoj repository and its advisories and upgrade as soon as a release containing the fix is published. In the meantime: confirm which version is deployed (anything up to and including 2.0.0-beta.28 is affected); keep the instance off the public internet or behind an authenticating reverse proxy so that only trusted users can reach the sharing handler; and review conversations that have already been shared for agent bindings their owner did not set, since the flaw turns on a manipulated conversation.agent value.
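The following is an added illustration of the flaw class described above (a sharing handler whose authorization decision rests on a client-controlled `conversation.agent` field) placed next to a hardened handler that derives the agent from server-side state and checks it. It is not khoj's code and not the change in the pending pull request; the `Agent`/`Conversation` types, the in-memory `AGENTS` table, the `share_vulnerable`/`share_fixed` functions and the sample users, agents and conversations are all constructed for this example.

```python
"""Added illustration for CVE-2026-13508's flaw class. Constructed for this
page; not khoj's code and not the pending fix."""
from dataclasses import dataclass
from typing import Optional


class Forbidden(Exception):
    """Raised when the requester is not allowed to perform the share."""


@dataclass
class Agent:
    id: str
    owner: str
    is_public: bool
    system_prompt: str  # treated as sensitive for a private agent


@dataclass
class Conversation:
    id: str
    owner: str
    agent: Optional[str] = None  # id of the agent bound to this conversation
    shared: bool = False


# Constructed sample data: two users, each with a private agent, one public agent.
AGENTS = {
    "agent-alice": Agent("agent-alice", "alice", False, "Alice's private instructions"),
    "agent-public": Agent("agent-public", "alice", True, "Shared helper persona"),
    "agent-bob": Agent("agent-bob", "bob", False, "Bob's private instructions"),
}


def sample_conversations():
    """Constructed conversations; conv-3 carries a binding Alice should not expose."""
    return {
        "conv-1": Conversation("conv-1", "alice", agent="agent-alice"),
        "conv-2": Conversation("conv-2", "alice", agent=None),
        "conv-3": Conversation("conv-3", "alice", agent="agent-bob"),
    }


def share_vulnerable(conversations, requester, conversation_id, body):
    """Vulnerable pattern: the agent bound to the public copy is whatever the
    request body says, so the ownership check never covers the agent at all."""
    conv = conversations[conversation_id]
    if conv.owner != requester:
        raise Forbidden("not the conversation owner")
    agent_id = body.get("conversation", {}).get("agent", conv.agent)
    if agent_id is not None and agent_id not in AGENTS:
        raise KeyError(agent_id)
    return Conversation(conv.id, conv.owner, agent=agent_id, shared=True)


def share_fixed(conversations, requester, conversation_id, body):
    """Hardened pattern: ignore the client-supplied agent, use the stored
    binding, and verify the requester may expose that agent."""
    conv = conversations[conversation_id]
    if conv.owner != requester:
        raise Forbidden("not the conversation owner")
    agent_id = conv.agent  # body["conversation"]["agent"] is deliberately ignored
    if agent_id is not None:
        agent = AGENTS.get(agent_id)
        if agent is None or not (agent.is_public or agent.owner == requester):
            raise Forbidden("agent may not be exposed by this requester")
    return Conversation(conv.id, conv.owner, agent=agent_id, shared=True)


def exposed_prompt(shared: Conversation) -> Optional[str]:
    """What a reader of the shared copy learns about the bound agent."""
    return AGENTS[shared.agent].system_prompt if shared.agent else None


def denied(fn, *args) -> bool:
    """True when the handler refuses the request with Forbidden."""
    try:
        fn(*args)
    except Forbidden:
        return True
    return False


def demo():
    """Runs the attacker's request through both handlers and summarises the outcome."""
    attack = {"conversation": {"agent": "agent-bob"}}  # points at Bob's private agent
    convs = sample_conversations()
    vuln = share_vulnerable(convs, "alice", "conv-2", attack)
    fixed = share_fixed(convs, "alice", "conv-2", attack)
    return {
        "vulnerable_agent": vuln.agent,
        "vulnerable_leak": exposed_prompt(vuln),
        "fixed_agent": fixed.agent,
        "fixed_blocks_foreign_binding": denied(share_fixed, convs, "alice", "conv-3", {}),
    }


if __name__ == "__main__":
    print(demo())
```

The hardened handler makes two separate decisions that the vulnerable one collapses into none: the requester must own the conversation, and the agent that ends up in the public copy must be one the requester is entitled to expose. Neither decision reads anything from the request body beyond the conversation identifier, which is the property to check for in any sharing or publishing endpoint.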
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-06-28T06:21:13.647Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null (not set)
Threat ID: 6a419e6c27e9c79719b34973
Added to database: 06/28/2026, 22:21:32 UTC
Last enriched: 06/28/2026, 22:37:14 UTC
Last updated: 06/29/2026, 02:16:55 UTC