CVE Catalog

CVE-2026-13483

Low · CVSS 3.1

Exploitation Probability (EPSS)

Low risk
0.10%

1st percentile — higher than 1% of all known CVEs

Summary

A vulnerability has been found in arc53 DocsGPT up to version 0.18.0, in the encrypt_credentials function of application/security/encryption.py (Credential Storage component). The flaw is insufficient verification of data authenticity, and the attack can be initiated remotely. Exploitation is difficult, but an exploit has been published and may be used.

Risk Assessment

The risk is a remote compromise of the integrity of stored credentials, which could lead to unauthorized access to the system or data. The attack is difficult to execute, but the public availability of the exploit increases the likelihood of an attack.

Recommendation

Immediately apply the available fix (the pull request), or temporarily disable the credential storage function until an official patch is released. Monitor the DocsGPT project for updates.

Original NVD description (English source)

A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encrypt_credentials of the file application/security/encryption.py of the component Credential Storage. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is described as difficult. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS