Search

Find a vulnerability

Search criteria

    10 vulnerabilities by khoj-ai

    CVE-2026-13508 (GCVE-0-2026-13508)

    Vulnerability from nvd – Published: 2026-06-28 21:45 – Updated: 2026-06-29 13:39
    VLAI
    Title
    khoj-ai khoj Conversation Sharing api_chat.py authorization
    Summary
    A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/api_chat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/374516 vdb-entrytechnical-description
    https://vuldb.com/vuln/374516/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-13508 third-party-advisory
    https://vuldb.com/submit/838812 third-party-advisory
    https://github.com/khoj-ai/khoj/issues/1327 exploitissue-tracking
    https://github.com/khoj-ai/khoj/pull/1328 issue-trackingpatch
    https://github.com/khoj-ai/khoj/ product
    Impacted products
    Vendor Product Version
    khoj-ai khoj Affected: 2.0.0-beta.0
    Affected: 2.0.0-beta.1
    Affected: 2.0.0-beta.2
    Affected: 2.0.0-beta.3
    Affected: 2.0.0-beta.4
    Affected: 2.0.0-beta.5
    Affected: 2.0.0-beta.6
    Affected: 2.0.0-beta.7
    Affected: 2.0.0-beta.8
    Affected: 2.0.0-beta.9
    Affected: 2.0.0-beta.10
    Affected: 2.0.0-beta.11
    Affected: 2.0.0-beta.12
    Affected: 2.0.0-beta.13
    Affected: 2.0.0-beta.14
    Affected: 2.0.0-beta.15
    Affected: 2.0.0-beta.16
    Affected: 2.0.0-beta.17
    Affected: 2.0.0-beta.18
    Affected: 2.0.0-beta.19
    Affected: 2.0.0-beta.20
    Affected: 2.0.0-beta.21
    Affected: 2.0.0-beta.22
    Affected: 2.0.0-beta.23
    Affected: 2.0.0-beta.24
    Affected: 2.0.0-beta.25
    Affected: 2.0.0-beta.26
    Affected: 2.0.0-beta.27
    Affected: 2.0.0-beta.28
        cpe:2.3:a:khoj-ai:khoj:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Dem000000 (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13508",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-29T13:39:09.379215Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-29T13:39:27.222Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:khoj-ai:khoj:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Conversation Sharing Handler"
              ],
              "product": "khoj",
              "vendor": "khoj-ai",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.0-beta.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.2"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.3"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.4"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.5"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.6"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.7"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.8"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.9"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.10"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.11"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.12"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.13"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.14"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.15"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.16"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.17"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.18"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.19"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.20"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.21"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.22"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.23"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.24"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.25"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.26"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.27"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.28"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Dem000000 (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/api_chat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-28T21:45:10.327Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-374516 | khoj-ai khoj Conversation Sharing api_chat.py authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/374516"
            },
            {
              "name": "VDB-374516 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/374516/cti"
            },
            {
              "name": "CVE-2026-13508 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-13508"
            },
            {
              "name": "Submit #838812 | Khoj AI Khoj Source commit e8631261400e0a04c5063e91e498b549976ffc53; affected released versions are unknown. CWE-863: Incorrect Authorization",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/838812"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/khoj-ai/khoj/issues/1327"
            },
            {
              "tags": [
                "issue-tracking",
                "patch"
              ],
              "url": "https://github.com/khoj-ai/khoj/pull/1328"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/khoj-ai/khoj/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-28T08:26:17.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "khoj-ai khoj Conversation Sharing api_chat.py authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-13508",
        "datePublished": "2026-06-28T21:45:10.327Z",
        "dateReserved": "2026-06-28T06:21:13.647Z",
        "dateUpdated": "2026-06-29T13:39:27.222Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-69207 (GCVE-0-2025-69207)

    Vulnerability from nvd – Published: 2026-02-02 21:16 – Updated: 2026-02-03 15:45
    VLAI
    Title
    Khoj has an IDOR in Notion OAuth Flow Enables Index Poisoning
    Summary
    Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was initiated by that user, allowing attackers to replace victims' Notion configurations with their own, resulting in data poisoning and unauthorized access to the victim's Khoj search index. This attack requires knowing the user's UUID which can be leaked through shared conversations where an AI generated image is present. This vulnerability is fixed in 2.0.0-beta.23.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor Product Version
    khoj-ai khoj Affected: < 2.0.0-beta.23
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-69207",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-03T15:44:16.914965Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-03T15:45:38.393Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "khoj",
              "vendor": "khoj-ai",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.0.0-beta.23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user\u0027s Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was initiated by that user, allowing attackers to replace victims\u0027 Notion configurations with their own, resulting in data poisoning and unauthorized access to the victim\u0027s Khoj search index. This attack requires knowing the user\u0027s UUID which can be leaked through shared conversations where an AI generated image is present. This vulnerability is fixed in 2.0.0-beta.23."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-02T21:16:49.041Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-6whj-7qmg-86qj",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-6whj-7qmg-86qj"
            },
            {
              "name": "https://github.com/khoj-ai/khoj/commit/1b7ccd141d47f365edeccc57d7316cb0913d748b",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/khoj-ai/khoj/commit/1b7ccd141d47f365edeccc57d7316cb0913d748b"
            },
            {
              "name": "https://github.com/khoj-ai/khoj/releases/tag/2.0.0-beta.23",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/khoj-ai/khoj/releases/tag/2.0.0-beta.23"
            }
          ],
          "source": {
            "advisory": "GHSA-6whj-7qmg-86qj",
            "discovery": "UNKNOWN"
          },
          "title": "Khoj has an IDOR in Notion OAuth Flow Enables Index Poisoning"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-69207",
        "datePublished": "2026-02-02T21:16:49.041Z",
        "dateReserved": "2025-12-29T14:54:59.520Z",
        "dateUpdated": "2026-02-03T15:45:38.393Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-52294 (GCVE-0-2024-52294)

    Vulnerability from nvd – Published: 2024-12-30 16:14 – Updated: 2024-12-30 16:52
    VLAI
    Title
    khoj has an IDOR in subscription management that allows unauthorized subscription modifications
    Summary
    Khoj is a self-hostable artificial intelligence app. Prior to version 1.29.10, an Insecure Direct Object Reference (IDOR) vulnerability in the update_subscription endpoint allows any authenticated user to manipulate other users' Stripe subscriptions by simply modifying the email parameter in the request. The vulnerability exists in the subscription endpoint at `/api/subscription`. The endpoint uses an email parameter as a direct reference to user subscriptions without verifying object ownership. While authentication is required, there is no authorization check to verify if the authenticated user owns the referenced subscription. The issue was fixed in version 1.29.10. Support for arbitrarily presenting an email for update has been deprecated.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    Impacted products
    Vendor Product Version
    khoj-ai khoj Affected: < 1.29.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52294",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-30T16:52:16.974619Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-30T16:52:29.814Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-hq4h-w933-jm6c"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "khoj",
              "vendor": "khoj-ai",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.29.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Khoj is a self-hostable artificial intelligence app. Prior to version 1.29.10, an Insecure Direct Object Reference (IDOR) vulnerability in the update_subscription endpoint allows any authenticated user to manipulate other users\u0027 Stripe subscriptions by simply modifying the email parameter in the request. The vulnerability exists in the subscription endpoint at `/api/subscription`. The endpoint uses an email parameter as a direct reference to user subscriptions without verifying object ownership. While authentication is required, there is no authorization check to verify if the authenticated user owns the referenced subscription. The issue was fixed in version 1.29.10. Support for arbitrarily presenting an email for update has been deprecated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-30T16:14:35.767Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-hq4h-w933-jm6c",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-hq4h-w933-jm6c"
            },
            {
              "name": "https://github.com/khoj-ai/khoj/commit/47d3c8c23597900af708bdc60aced3ae5d2064c1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/khoj-ai/khoj/commit/47d3c8c23597900af708bdc60aced3ae5d2064c1"
            }
          ],
          "source": {
            "advisory": "GHSA-hq4h-w933-jm6c",
            "discovery": "UNKNOWN"
          },
          "title": "khoj has an IDOR in subscription management that allows unauthorized subscription modifications"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-52294",
        "datePublished": "2024-12-30T16:14:35.767Z",
        "dateReserved": "2024-11-06T19:00:26.394Z",
        "dateUpdated": "2024-12-30T16:52:29.814Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-43396 (GCVE-0-2024-43396)

    Vulnerability from nvd – Published: 2024-08-20 20:23 – Updated: 2024-08-21 19:52
    VLAI
    Title
    Khoj Vulnerable to Stored Cross-site Scripting In Automate (Preview feature)
    Summary
    Khoj is an application that creates personal AI agents. The Automation feature allows a user to insert arbitrary HTML inside the task instructions, resulting in a Stored XSS. The q parameter for the /api/automation endpoint does not get correctly sanitized when rendered on the page, resulting in the ability of users to inject arbitrary HTML/JS. This vulnerability is fixed in 1.15.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    khoj-ai khoj Affected: < 1.15.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43396",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-21T19:52:22.737517Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-21T19:52:35.357Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "khoj",
              "vendor": "khoj-ai",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.15.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Khoj is an application that creates personal AI agents. The Automation feature allows a user to insert arbitrary HTML inside the task instructions, resulting in a Stored XSS. The q parameter for the /api/automation endpoint does not get correctly sanitized when rendered on the page, resulting in the ability of users to inject arbitrary HTML/JS. This vulnerability is fixed in 1.15.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-20T20:23:05.660Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-cf72-vg59-4j4h",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-cf72-vg59-4j4h"
            },
            {
              "name": "https://github.com/khoj-ai/khoj/commit/1c7a562880eeb7354325545d2cf6c5d1d1134812",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/khoj-ai/khoj/commit/1c7a562880eeb7354325545d2cf6c5d1d1134812"
            },
            {
              "name": "https://github.com/khoj-ai/khoj/commit/55be90cdd2f9d6a09c8bf9ceea52fc36b9201626",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/khoj-ai/khoj/commit/55be90cdd2f9d6a09c8bf9ceea52fc36b9201626"
            }
          ],
          "source": {
            "advisory": "GHSA-cf72-vg59-4j4h",
            "discovery": "UNKNOWN"
          },
          "title": "Khoj Vulnerable to Stored Cross-site Scripting In Automate (Preview feature)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-43396",
        "datePublished": "2024-08-20T20:23:05.660Z",
        "dateReserved": "2024-08-12T18:02:04.965Z",
        "dateUpdated": "2024-08-21T19:52:35.357Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-25639 (GCVE-0-2024-25639)

    Vulnerability from nvd – Published: 2024-07-08 14:24 – Updated: 2024-08-01 23:44
    VLAI
    Title
    Prompt Injection triggered XSS vulnerability in Khoj Obsidian, Desktop and Web clients
    Summary
    Khoj is an application that creates personal AI agents. The Khoj Obsidian, Desktop and Web clients inadequately sanitize the AI model's response and user inputs. This can trigger Cross Site Scripting (XSS) via Prompt Injection from untrusted documents either indexed by the user on Khoj or read by Khoj from the internet when the user invokes the /online command. This vulnerability is fixed in 1.13.0.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    khoj-ai khoj Affected: < 1.13.0
    Create a notification for this product.
    khojai khoj Affected: 0 , < 1.13.0 (custom)
        cpe:2.3:a:khojai:khoj:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:khojai:khoj:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "khoj",
                "vendor": "khojai",
                "versions": [
                  {
                    "lessThan": "1.13.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25639",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-08T14:55:37.305412Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-08T15:00:37.872Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:44:09.829Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-h2q2-vch3-72qm",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-h2q2-vch3-72qm"
              },
              {
                "name": "https://github.com/khoj-ai/khoj/commit/1dfd6d7391862d3564db7f4875216880b73cb6cc",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/khoj-ai/khoj/commit/1dfd6d7391862d3564db7f4875216880b73cb6cc"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "khoj",
              "vendor": "khoj-ai",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.13.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Khoj is an application that creates personal AI agents. The Khoj Obsidian, Desktop and Web clients inadequately sanitize the AI model\u0027s response and user inputs. This can trigger Cross Site Scripting (XSS) via Prompt Injection from untrusted documents either indexed by the user on Khoj or read by Khoj from the internet when the user invokes the /online command. This vulnerability is fixed in 1.13.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-08T14:24:33.987Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-h2q2-vch3-72qm",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-h2q2-vch3-72qm"
            },
            {
              "name": "https://github.com/khoj-ai/khoj/commit/1dfd6d7391862d3564db7f4875216880b73cb6cc",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/khoj-ai/khoj/commit/1dfd6d7391862d3564db7f4875216880b73cb6cc"
            }
          ],
          "source": {
            "advisory": "GHSA-h2q2-vch3-72qm",
            "discovery": "UNKNOWN"
          },
          "title": "Prompt Injection triggered XSS vulnerability in Khoj Obsidian, Desktop and Web clients"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-25639",
        "datePublished": "2024-07-08T14:24:33.987Z",
        "dateReserved": "2024-02-08T22:26:33.514Z",
        "dateUpdated": "2024-08-01T23:44:09.829Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-13508 (GCVE-0-2026-13508)

    Vulnerability from cvelistv5 – Published: 2026-06-28 21:45 – Updated: 2026-06-29 13:39
    VLAI
    Title
    khoj-ai khoj Conversation Sharing api_chat.py authorization
    Summary
    A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/api_chat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/374516 vdb-entrytechnical-description
    https://vuldb.com/vuln/374516/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-13508 third-party-advisory
    https://vuldb.com/submit/838812 third-party-advisory
    https://github.com/khoj-ai/khoj/issues/1327 exploitissue-tracking
    https://github.com/khoj-ai/khoj/pull/1328 issue-trackingpatch
    https://github.com/khoj-ai/khoj/ product
    Impacted products
    Vendor Product Version
    khoj-ai khoj Affected: 2.0.0-beta.0
    Affected: 2.0.0-beta.1
    Affected: 2.0.0-beta.2
    Affected: 2.0.0-beta.3
    Affected: 2.0.0-beta.4
    Affected: 2.0.0-beta.5
    Affected: 2.0.0-beta.6
    Affected: 2.0.0-beta.7
    Affected: 2.0.0-beta.8
    Affected: 2.0.0-beta.9
    Affected: 2.0.0-beta.10
    Affected: 2.0.0-beta.11
    Affected: 2.0.0-beta.12
    Affected: 2.0.0-beta.13
    Affected: 2.0.0-beta.14
    Affected: 2.0.0-beta.15
    Affected: 2.0.0-beta.16
    Affected: 2.0.0-beta.17
    Affected: 2.0.0-beta.18
    Affected: 2.0.0-beta.19
    Affected: 2.0.0-beta.20
    Affected: 2.0.0-beta.21
    Affected: 2.0.0-beta.22
    Affected: 2.0.0-beta.23
    Affected: 2.0.0-beta.24
    Affected: 2.0.0-beta.25
    Affected: 2.0.0-beta.26
    Affected: 2.0.0-beta.27
    Affected: 2.0.0-beta.28
        cpe:2.3:a:khoj-ai:khoj:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Dem000000 (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13508",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-29T13:39:09.379215Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-29T13:39:27.222Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:khoj-ai:khoj:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Conversation Sharing Handler"
              ],
              "product": "khoj",
              "vendor": "khoj-ai",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.0-beta.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.2"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.3"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.4"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.5"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.6"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.7"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.8"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.9"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.10"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.11"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.12"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.13"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.14"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.15"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.16"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.17"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.18"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.19"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.20"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.21"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.22"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.23"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.24"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.25"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.26"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.27"
                },
                {
                  "status": "affected",
                  "version": "2.0.0-beta.28"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Dem000000 (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/api_chat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-28T21:45:10.327Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-374516 | khoj-ai khoj Conversation Sharing api_chat.py authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/374516"
            },
            {
              "name": "VDB-374516 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/374516/cti"
            },
            {
              "name": "CVE-2026-13508 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-13508"
            },
            {
              "name": "Submit #838812 | Khoj AI Khoj Source commit e8631261400e0a04c5063e91e498b549976ffc53; affected released versions are unknown. CWE-863: Incorrect Authorization",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/838812"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/khoj-ai/khoj/issues/1327"
            },
            {
              "tags": [
                "issue-tracking",
                "patch"
              ],
              "url": "https://github.com/khoj-ai/khoj/pull/1328"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/khoj-ai/khoj/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-28T08:26:17.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "khoj-ai khoj Conversation Sharing api_chat.py authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-13508",
        "datePublished": "2026-06-28T21:45:10.327Z",
        "dateReserved": "2026-06-28T06:21:13.647Z",
        "dateUpdated": "2026-06-29T13:39:27.222Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-69207 (GCVE-0-2025-69207)

    Vulnerability from cvelistv5 – Published: 2026-02-02 21:16 – Updated: 2026-02-03 15:45
    VLAI
    Title
    Khoj has an IDOR in Notion OAuth Flow Enables Index Poisoning
    Summary
    Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was initiated by that user, allowing attackers to replace victims' Notion configurations with their own, resulting in data poisoning and unauthorized access to the victim's Khoj search index. This attack requires knowing the user's UUID which can be leaked through shared conversations where an AI generated image is present. This vulnerability is fixed in 2.0.0-beta.23.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor Product Version
    khoj-ai khoj Affected: < 2.0.0-beta.23
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-69207",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-03T15:44:16.914965Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-03T15:45:38.393Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "khoj",
              "vendor": "khoj-ai",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.0.0-beta.23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user\u0027s Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was initiated by that user, allowing attackers to replace victims\u0027 Notion configurations with their own, resulting in data poisoning and unauthorized access to the victim\u0027s Khoj search index. This attack requires knowing the user\u0027s UUID which can be leaked through shared conversations where an AI generated image is present. This vulnerability is fixed in 2.0.0-beta.23."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-02T21:16:49.041Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-6whj-7qmg-86qj",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-6whj-7qmg-86qj"
            },
            {
              "name": "https://github.com/khoj-ai/khoj/commit/1b7ccd141d47f365edeccc57d7316cb0913d748b",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/khoj-ai/khoj/commit/1b7ccd141d47f365edeccc57d7316cb0913d748b"
            },
            {
              "name": "https://github.com/khoj-ai/khoj/releases/tag/2.0.0-beta.23",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/khoj-ai/khoj/releases/tag/2.0.0-beta.23"
            }
          ],
          "source": {
            "advisory": "GHSA-6whj-7qmg-86qj",
            "discovery": "UNKNOWN"
          },
          "title": "Khoj has an IDOR in Notion OAuth Flow Enables Index Poisoning"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-69207",
        "datePublished": "2026-02-02T21:16:49.041Z",
        "dateReserved": "2025-12-29T14:54:59.520Z",
        "dateUpdated": "2026-02-03T15:45:38.393Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-52294 (GCVE-0-2024-52294)

    Vulnerability from cvelistv5 – Published: 2024-12-30 16:14 – Updated: 2024-12-30 16:52
    VLAI
    Title
    khoj has an IDOR in subscription management that allows unauthorized subscription modifications
    Summary
    Khoj is a self-hostable artificial intelligence app. Prior to version 1.29.10, an Insecure Direct Object Reference (IDOR) vulnerability in the update_subscription endpoint allows any authenticated user to manipulate other users' Stripe subscriptions by simply modifying the email parameter in the request. The vulnerability exists in the subscription endpoint at `/api/subscription`. The endpoint uses an email parameter as a direct reference to user subscriptions without verifying object ownership. While authentication is required, there is no authorization check to verify if the authenticated user owns the referenced subscription. The issue was fixed in version 1.29.10. Support for arbitrarily presenting an email for update has been deprecated.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    Impacted products
    Vendor Product Version
    khoj-ai khoj Affected: < 1.29.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52294",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-30T16:52:16.974619Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-30T16:52:29.814Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-hq4h-w933-jm6c"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "khoj",
              "vendor": "khoj-ai",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.29.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Khoj is a self-hostable artificial intelligence app. Prior to version 1.29.10, an Insecure Direct Object Reference (IDOR) vulnerability in the update_subscription endpoint allows any authenticated user to manipulate other users\u0027 Stripe subscriptions by simply modifying the email parameter in the request. The vulnerability exists in the subscription endpoint at `/api/subscription`. The endpoint uses an email parameter as a direct reference to user subscriptions without verifying object ownership. While authentication is required, there is no authorization check to verify if the authenticated user owns the referenced subscription. The issue was fixed in version 1.29.10. Support for arbitrarily presenting an email for update has been deprecated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-30T16:14:35.767Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-hq4h-w933-jm6c",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-hq4h-w933-jm6c"
            },
            {
              "name": "https://github.com/khoj-ai/khoj/commit/47d3c8c23597900af708bdc60aced3ae5d2064c1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/khoj-ai/khoj/commit/47d3c8c23597900af708bdc60aced3ae5d2064c1"
            }
          ],
          "source": {
            "advisory": "GHSA-hq4h-w933-jm6c",
            "discovery": "UNKNOWN"
          },
          "title": "khoj has an IDOR in subscription management that allows unauthorized subscription modifications"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-52294",
        "datePublished": "2024-12-30T16:14:35.767Z",
        "dateReserved": "2024-11-06T19:00:26.394Z",
        "dateUpdated": "2024-12-30T16:52:29.814Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-43396 (GCVE-0-2024-43396)

    Vulnerability from cvelistv5 – Published: 2024-08-20 20:23 – Updated: 2024-08-21 19:52
    VLAI
    Title
    Khoj Vulnerable to Stored Cross-site Scripting In Automate (Preview feature)
    Summary
    Khoj is an application that creates personal AI agents. The Automation feature allows a user to insert arbitrary HTML inside the task instructions, resulting in a Stored XSS. The q parameter for the /api/automation endpoint does not get correctly sanitized when rendered on the page, resulting in the ability of users to inject arbitrary HTML/JS. This vulnerability is fixed in 1.15.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    khoj-ai khoj Affected: < 1.15.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43396",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-21T19:52:22.737517Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-21T19:52:35.357Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "khoj",
              "vendor": "khoj-ai",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.15.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Khoj is an application that creates personal AI agents. The Automation feature allows a user to insert arbitrary HTML inside the task instructions, resulting in a Stored XSS. The q parameter for the /api/automation endpoint does not get correctly sanitized when rendered on the page, resulting in the ability of users to inject arbitrary HTML/JS. This vulnerability is fixed in 1.15.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-20T20:23:05.660Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-cf72-vg59-4j4h",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-cf72-vg59-4j4h"
            },
            {
              "name": "https://github.com/khoj-ai/khoj/commit/1c7a562880eeb7354325545d2cf6c5d1d1134812",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/khoj-ai/khoj/commit/1c7a562880eeb7354325545d2cf6c5d1d1134812"
            },
            {
              "name": "https://github.com/khoj-ai/khoj/commit/55be90cdd2f9d6a09c8bf9ceea52fc36b9201626",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/khoj-ai/khoj/commit/55be90cdd2f9d6a09c8bf9ceea52fc36b9201626"
            }
          ],
          "source": {
            "advisory": "GHSA-cf72-vg59-4j4h",
            "discovery": "UNKNOWN"
          },
          "title": "Khoj Vulnerable to Stored Cross-site Scripting In Automate (Preview feature)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-43396",
        "datePublished": "2024-08-20T20:23:05.660Z",
        "dateReserved": "2024-08-12T18:02:04.965Z",
        "dateUpdated": "2024-08-21T19:52:35.357Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-25639 (GCVE-0-2024-25639)

    Vulnerability from cvelistv5 – Published: 2024-07-08 14:24 – Updated: 2024-08-01 23:44
    VLAI
    Title
    Prompt Injection triggered XSS vulnerability in Khoj Obsidian, Desktop and Web clients
    Summary
    Khoj is an application that creates personal AI agents. The Khoj Obsidian, Desktop and Web clients inadequately sanitize the AI model's response and user inputs. This can trigger Cross Site Scripting (XSS) via Prompt Injection from untrusted documents either indexed by the user on Khoj or read by Khoj from the internet when the user invokes the /online command. This vulnerability is fixed in 1.13.0.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    khoj-ai khoj Affected: < 1.13.0
    Create a notification for this product.
    khojai khoj Affected: 0 , < 1.13.0 (custom)
        cpe:2.3:a:khojai:khoj:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:khojai:khoj:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "khoj",
                "vendor": "khojai",
                "versions": [
                  {
                    "lessThan": "1.13.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25639",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-08T14:55:37.305412Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-08T15:00:37.872Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:44:09.829Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-h2q2-vch3-72qm",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-h2q2-vch3-72qm"
              },
              {
                "name": "https://github.com/khoj-ai/khoj/commit/1dfd6d7391862d3564db7f4875216880b73cb6cc",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/khoj-ai/khoj/commit/1dfd6d7391862d3564db7f4875216880b73cb6cc"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "khoj",
              "vendor": "khoj-ai",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.13.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Khoj is an application that creates personal AI agents. The Khoj Obsidian, Desktop and Web clients inadequately sanitize the AI model\u0027s response and user inputs. This can trigger Cross Site Scripting (XSS) via Prompt Injection from untrusted documents either indexed by the user on Khoj or read by Khoj from the internet when the user invokes the /online command. This vulnerability is fixed in 1.13.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-08T14:24:33.987Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-h2q2-vch3-72qm",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/khoj-ai/khoj/security/advisories/GHSA-h2q2-vch3-72qm"
            },
            {
              "name": "https://github.com/khoj-ai/khoj/commit/1dfd6d7391862d3564db7f4875216880b73cb6cc",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/khoj-ai/khoj/commit/1dfd6d7391862d3564db7f4875216880b73cb6cc"
            }
          ],
          "source": {
            "advisory": "GHSA-h2q2-vch3-72qm",
            "discovery": "UNKNOWN"
          },
          "title": "Prompt Injection triggered XSS vulnerability in Khoj Obsidian, Desktop and Web clients"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-25639",
        "datePublished": "2024-07-08T14:24:33.987Z",
        "dateReserved": "2024-02-08T22:26:33.514Z",
        "dateUpdated": "2024-08-01T23:44:09.829Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }