Description
A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function _try_process_local_file/_try_process_url of the file src/ragas/metrics/collections/multi_modal_faithfulness/util.py of the component Collections Module. Performing a manipulation of the argument retrieved_contexts results in server-side request forgery. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The security patch for CVE-2025-45691 was applied to a different module only. The vendor was contacted early about this disclosure but did not respond in any way.
INFO
Published Date :
2026-04-20T00:00:19.515Z
Last Modified :
2026-04-20T00:00:19.515Z
Source :
VulDB
AFFECTED PRODUCTS
The following products are affected by CVE-2026-6587 vulnerability.
| Vendors | Products |
|---|---|
| Vibrantlabsai |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2026-6587.
