CVE-2026-13513: Insufficient Verification of Data Authenticity in MyScale MyScaleDB
CVE-2026-13513 is a vulnerability in MyScale MyScaleDB up to version 1.8.0 affecting the SegmentId::getCacheKey function. It results in insufficient verification of data authenticity, potentially allowing remote attacks. The attack complexity is high and exploitability is difficult. An exploit has been publicly released. A fix is pending acceptance in a pull request but not yet officially available. The vulnerability has a low severity rating with a CVSS score of 2.3.
AI Analysis
Technical Summary
This vulnerability in MyScale MyScaleDB (versions 1.0 through 1.8.0) involves insufficient verification of data authenticity in the SegmentId::getCacheKey function, defined in the file src/VectorIndex/Common/SegmentId.h. The flaw could be exploited remotely, though the attack complexity is high and exploitation is difficult. A public exploit exists, increasing risk despite the low CVSS score of 2.3. Currently, no official patch or remediation has been released, though a pull request to fix the issue is awaiting acceptance.
Potential Impact
The vulnerability allows remote attackers to exploit insufficient data authenticity verification, which could lead to unauthorized manipulation or misuse of data within MyScaleDB. However, the low CVSS score and high attack complexity indicate limited impact and difficult exploitation conditions. The presence of a public exploit increases potential risk, but no known active exploitation in the wild has been reported.
Mitigation Recommendations
No official patch or fix is currently available. A pull request addressing the vulnerability is pending acceptance. Users should monitor the vendor's advisories for updates and apply the fix once officially released. Until then, consider restricting remote access to MyScaleDB instances to trusted networks to reduce exposure.
CVSS v4.0
Score: 2.3 (low)
Affected software
- pkg:github/myscale/MyScaleDB
- cpe:2.3:a:myscale:myscaledb:*:*:*:*:*:*:*:*
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-06-28T06:33:46.561Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a41b00927e9c79719ca837b
Added to database: 06/28/2026, 23:36:41 UTC
Last enriched: 06/28/2026, 23:51:33 UTC
Last updated: 06/29/2026, 01:38:23 UTC