{"vulnerability": "cve-2026-58473", "sightings": [{"uuid": "f8650fa5-d1a4-46aa-ad84-4bb8dc92b72b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58473", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq3lnftqre2z", "content": "CVE-2026-58473\nAn attacker can create an account and change the way Cognee uses its language model. This allows them to steal information from other users, such as their prompts, documents, and knowledge. To fix this, update\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-07T21:52:04.471387Z"}, {"uuid": "d55352ea-870d-4f5b-9570-84badaf35a70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58473", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq3rk2sdn42k", "content": "CVE-2026-58473 - Cognee\nCVE ID : CVE-2026-58473\n \n Published : July 7, 2026, 9:17 p.m. | 1\u00a0hour, 57\u00a0minutes ago\n \n Description : Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider con...", "creation_timestamp": "2026-07-07T23:37:34.328100Z"}, {"uuid": "b25d2659-e74a-43ef-a31c-4e19d53d5a37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-58473", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116882120754434831", "content": "topoteretes cognee (&lt;1.2.0) is affected by CVE-2026-58473 (CRITICAL, CVSS 9.3): improper access control lets unauth attackers overwrite LLM provider config &amp; exfiltrate sensitive data. Restrict endpoint, monitor configs. https://radar.offseq.com/threat/cve-2026-58473-missing-authorization-in-topoterete-619eb25f0ae3e3eb #OffSeq #CVE #Infosec", "creation_timestamp": "2026-07-08T03:00:26.556037Z"}, {"uuid": "02873064-47e6-4536-a212-da4f28230610", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-58473", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mq44uubeqs23", "content": "CVE-2026-58473: topoteretes cognee (&lt;1.2.0) has a CRITICAL vuln \u2014 unauth attackers can hijack LLM config &amp; exfiltrate user data. No fix yet. Restrict settings endpoint &amp; monitor for changes. https://radar.offseq.com/threat/cve-2026-58473-missing-authorization-in-topoterete-619eb25f0ae3e3eb #OffSe...", "creation_timestamp": "2026-07-08T03:00:29.251058Z"}]}