MITRE service request: 1988584
Status: RESERVED (pending a qualifying public reference per CNA Rules §5.3).
Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec() function without any sandboxing, validation, or security controls. An attacker can exploit this by sending a specially crafted POST request containing malicious Python code to the execution endpoint. This leads to arbitrary code execution on the Cognee server with the privileges of the server process, allowing complete compromise of the system.
Exposed notebook execution endpoints accept arbitrary Python lists and run them with exec on the server. When backend access control or authentication is disabled (as described in coordinated testing), any remote client can obtain a root-equivalent shell on the API host.
487635b71b204e62a28e91f141b64ae90708d68d).POST /api/v1/notebook/{notebook_id}/{cell_id}/run (or equivalent) with JSON body containing Python statements.exec / equivalent without sandbox.ENABLE_BACKEND_ACCESS_CONTROL=false and REQUIRE_AUTHENTICATION=false in disclosed scenarios.Critical on any internet-facing Cognee deployment lacking strong auth.