{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31827", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-09T17:41:56.077Z", "datePublished": "2026-03-10T21:39:58.148Z", "dateUpdated": "2026-03-11T15:59:20.745Z"}, "containers": {"cna": {"title": "Alienbin: TTL Index Race Condition allows unauthorized deletion of other users data", "problemTypes": [{"descriptions": [{"cweId": "CWE-362", "lang": "en", "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/Blue-B/Alienbin/security/advisories/GHSA-hqvr-6v89-gwff", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Blue-B/Alienbin/security/advisories/GHSA-hqvr-6v89-gwff"}], "affected": [{"vendor": "Blue-B", "product": "Alienbin", "versions": [{"version": "<= 1.0.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-10T21:39:58.148Z"}, "descriptions": [{"lang": "en", "value": "Alienbin is an anonymous code and text sharing web service. In 1.0.0 and earlier, the /save endpoint in server.js drops and recreates the MongoDB TTL index on the entire post collection for every new paste submission. When User B submits a paste with a short TTL (e.g., 30 seconds), the TTL index is recreated with expireAfterSeconds: 30 for all documents in the collection. This causes User A's paste (originally set to 7 days) to be deleted after 30 seconds. An attacker can intentionally delete all existing pastes by repeatedly submitting pastes with ttlOption=30s."}], "source": {"advisory": "GHSA-hqvr-6v89-gwff", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-11T15:51:52.996700Z", "id": "CVE-2026-31827", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T15:59:20.745Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-31827", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-11T15:51:52.996700Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T15:51:54.061Z"}}], "cna": {"title": "Alienbin: TTL Index Race Condition allows unauthorized deletion of other users data", "source": {"advisory": "GHSA-hqvr-6v89-gwff", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "Blue-B", "product": "Alienbin", "versions": [{"status": "affected", "version": "<= 1.0.0"}]}], "references": [{"url": "https://github.com/Blue-B/Alienbin/security/advisories/GHSA-hqvr-6v89-gwff", "name": "https://github.com/Blue-B/Alienbin/security/advisories/GHSA-hqvr-6v89-gwff", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Alienbin is an anonymous code and text sharing web service. In 1.0.0 and earlier, the /save endpoint in server.js drops and recreates the MongoDB TTL index on the entire post collection for every new paste submission. When User B submits a paste with a short TTL (e.g., 30 seconds), the TTL index is recreated with expireAfterSeconds: 30 for all documents in the collection. This causes User A's paste (originally set to 7 days) to be deleted after 30 seconds. An attacker can intentionally delete all existing pastes by repeatedly submitting pastes with ttlOption=30s."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-362", "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-10T21:39:58.148Z"}}}, "cveMetadata": {"cveId": "CVE-2026-31827", "state": "PUBLISHED", "dateUpdated": "2026-03-11T15:59:20.745Z", "dateReserved": "2026-03-09T17:41:56.077Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-10T21:39:58.148Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Alienbin is an anonymous code and text sharing web service. In 1.0.0 and earlier, the /save endpoint in server.js drops and recreates the MongoDB TTL index on the entire post collection for every new paste submission. When User B submits a paste with a short TTL (e.g., 30 seconds), the TTL index is recreated with expireAfterSeconds: 30 for all documents in the collection. This causes User A's paste (originally set to 7 days) to be deleted after 30 seconds. An attacker can intentionally delete all existing pastes by repeatedly submitting pastes with ttlOption=30s."}, {"lang": "es", "value": "Alienbin es un servicio web an\u00f3nimo para compartir c\u00f3digo y texto. En 1.0.0 y anteriores, el endpoint /save en server.js elimina y recrea el \u00edndice TTL de MongoDB en toda la colecci\u00f3n post para cada nuevo env\u00edo de paste. Cuando el Usuario B env\u00eda un paste con un TTL corto (por ejemplo, 30 segundos), el \u00edndice TTL se recrea con expireAfterSeconds: 30 para todos los documentos de la colecci\u00f3n. Esto provoca que el paste del Usuario A (originalmente configurado para 7 d\u00edas) sea eliminado despu\u00e9s de 30 segundos. Un atacante puede eliminar intencionadamente todos los pastes existentes al enviar repetidamente pastes con ttlOption=30s."}], "id": "CVE-2026-31827", "lastModified": "2026-04-16T14:47:16.733", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-10T22:16:20.633", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/Blue-B/Alienbin/security/advisories/GHSA-hqvr-6v89-gwff"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.0.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Alienbin", "source": "cna", "vendor": "Blue-B"}, "product": "alienbin", "vendor": "blue-b"}], "analysis": {"en": {"generated_at": "2026-04-16T03:09:23.312845+00:00", "value": {"mitigation_remediation": ["Upgrade to the latest Alienbin release in which the collection TTL index is created only once and does not override user\u2011specified TTLs.", "If an upgrade is not immediately possible, modify the server code to store a per\u2011document TTL value instead of recreating a collection\u2011wide TTL index on each request.", "Validate or restrict ttlOption values so that values below a safe threshold (e.g., 1 hour) are rejected or capped, preventing maliciously short expirations."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized deletion of other users' data"}, "threat_synthesis": {"affected_systems": "The affected product is Alienbin from Blue\u2011B, version 1.0.0 and all earlier releases that use the /save endpoint which recreates the TTL index on every request.", "description_and_impact": "The vulnerability is a TTL index race condition in the /save endpoint of Alienbin. Each paste submission drops and recreates the MongoDB TTL index for the entire post collection with the TTL specified by the submitter. This concurrency flaw allows an attacker to submit pastes with a short TTL, which causes the index to apply that short expiration to all documents, deleting other users' pastes prematurely. The flaw manifests as a data loss event with no remote code execution or privilege escalation. The weakness is identified as CWE\u2011362, a race condition.", "risk_and_exploitability": "The CVSS score is 7.1, indicating a high severity of unauthorized data deletion. The EPSS score is less than 1\u202f%, implying the probability of exploitation is low, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves sending HTTP POST requests to the /save endpoint with a ttlOption of 30 seconds or similar, and repeating this action to delete all pastes. Because the TTL index is recreated globally, any concurrent writes or reads in the database can be affected, making the exploit straightforward for users with network access to the service."}}}}, "created": "2026-03-11T11:39:16.053388+00:00", "updated": "2026-04-16T03:15:22.948127+00:00", "vendors": ["blue-b", "blue-b$PRODUCT$alienbin"]}