Common Weakness Enumeration

CWE-639

Allowed

Authorization Bypass Through User-Controlled Key

Abstraction: Base · Status: Incomplete

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

3255 vulnerabilities reference this CWE, most recent first.

CVE-2026-6585 (GCVE-0-2026-6585)

Vulnerability from cvelistv5 – Published: 2026-04-19 23:30 – Updated: 2026-04-20 14:55
VLAI
Title
TransformerOptimus SuperAGI Organisation Update Endpoint organisation.py update_organisation authorization
Summary
A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function update_organisation of the file superagi/controllers/organisation.py of the component Organisation Update Endpoint. This manipulation of the argument organisation_id causes authorization bypass. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/vuln/358220 vdb-entrytechnical-description
https://vuldb.com/vuln/358220/cti signaturepermissions-required
https://vuldb.com/submit/791076 third-party-advisory
https://gist.github.com/YLChen-007/88ea045efa387a… exploit
Impacted products
Vendor Product Version
TransformerOptimus SuperAGI Affected: 0.0.1
Affected: 0.0.2
Affected: 0.0.3
Affected: 0.0.4
Affected: 0.0.5
Affected: 0.0.6
Affected: 0.0.7
Affected: 0.0.8
Affected: 0.0.9
Affected: 0.0.10
Affected: 0.0.11
Affected: 0.0.12
Affected: 0.0.13
Affected: 0.0.14
    cpe:2.3:a:superagi:superagi:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Eric-z (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-6585",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-20T14:42:43.001164Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-20T14:55:07.060Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:superagi:superagi:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Organisation Update Endpoint"
          ],
          "product": "SuperAGI",
          "vendor": "TransformerOptimus",
          "versions": [
            {
              "status": "affected",
              "version": "0.0.1"
            },
            {
              "status": "affected",
              "version": "0.0.2"
            },
            {
              "status": "affected",
              "version": "0.0.3"
            },
            {
              "status": "affected",
              "version": "0.0.4"
            },
            {
              "status": "affected",
              "version": "0.0.5"
            },
            {
              "status": "affected",
              "version": "0.0.6"
            },
            {
              "status": "affected",
              "version": "0.0.7"
            },
            {
              "status": "affected",
              "version": "0.0.8"
            },
            {
              "status": "affected",
              "version": "0.0.9"
            },
            {
              "status": "affected",
              "version": "0.0.10"
            },
            {
              "status": "affected",
              "version": "0.0.11"
            },
            {
              "status": "affected",
              "version": "0.0.12"
            },
            {
              "status": "affected",
              "version": "0.0.13"
            },
            {
              "status": "affected",
              "version": "0.0.14"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Eric-z (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function update_organisation of the file superagi/controllers/organisation.py of the component Organisation Update Endpoint. This manipulation of the argument organisation_id causes authorization bypass. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.5,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "Authorization Bypass",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-19T23:30:14.085Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-358220 | TransformerOptimus SuperAGI Organisation Update Endpoint organisation.py update_organisation authorization",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/358220"
        },
        {
          "name": "VDB-358220 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/358220/cti"
        },
        {
          "name": "Submit #791076 | SuperAGI up to c3c1982 Authorization Bypass Through User-Controlled Key (CWE-639)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/791076"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gist.github.com/YLChen-007/88ea045efa387ab0b93f6dd2f797e653"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-19T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-04-19T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-04-19T07:46:20.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "TransformerOptimus SuperAGI Organisation Update Endpoint organisation.py update_organisation authorization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-6585",
    "datePublished": "2026-04-19T23:30:14.085Z",
    "dateReserved": "2026-04-19T05:41:15.270Z",
    "dateUpdated": "2026-04-20T14:55:07.060Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6584 (GCVE-0-2026-6584)

Vulnerability from cvelistv5 – Published: 2026-04-19 23:15 – Updated: 2026-04-20 15:07
VLAI
Title
TransformerOptimus SuperAGI User Update Endpoint user.py update_user authorization
Summary
A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function update_user of the file superagi/controllers/user.py of the component User Update Endpoint. The manipulation of the argument user_id results in authorization bypass. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/vuln/358219 vdb-entrytechnical-description
https://vuldb.com/vuln/358219/cti signaturepermissions-required
https://vuldb.com/submit/791075 third-party-advisory
https://gist.github.com/YLChen-007/79b967ece52d42… exploit
Impacted products
Vendor Product Version
TransformerOptimus SuperAGI Affected: 0.0.1
Affected: 0.0.2
Affected: 0.0.3
Affected: 0.0.4
Affected: 0.0.5
Affected: 0.0.6
Affected: 0.0.7
Affected: 0.0.8
Affected: 0.0.9
Affected: 0.0.10
Affected: 0.0.11
Affected: 0.0.12
Affected: 0.0.13
Affected: 0.0.14
    cpe:2.3:a:superagi:superagi:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Eric-z (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-6584",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-20T15:07:41.315185Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-20T15:07:48.363Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:superagi:superagi:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "User Update Endpoint"
          ],
          "product": "SuperAGI",
          "vendor": "TransformerOptimus",
          "versions": [
            {
              "status": "affected",
              "version": "0.0.1"
            },
            {
              "status": "affected",
              "version": "0.0.2"
            },
            {
              "status": "affected",
              "version": "0.0.3"
            },
            {
              "status": "affected",
              "version": "0.0.4"
            },
            {
              "status": "affected",
              "version": "0.0.5"
            },
            {
              "status": "affected",
              "version": "0.0.6"
            },
            {
              "status": "affected",
              "version": "0.0.7"
            },
            {
              "status": "affected",
              "version": "0.0.8"
            },
            {
              "status": "affected",
              "version": "0.0.9"
            },
            {
              "status": "affected",
              "version": "0.0.10"
            },
            {
              "status": "affected",
              "version": "0.0.11"
            },
            {
              "status": "affected",
              "version": "0.0.12"
            },
            {
              "status": "affected",
              "version": "0.0.13"
            },
            {
              "status": "affected",
              "version": "0.0.14"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Eric-z (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function update_user of the file superagi/controllers/user.py of the component User Update Endpoint. The manipulation of the argument user_id results in authorization bypass. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.5,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "Authorization Bypass",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-19T23:15:16.091Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-358219 | TransformerOptimus SuperAGI User Update Endpoint user.py update_user authorization",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/358219"
        },
        {
          "name": "VDB-358219 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/358219/cti"
        },
        {
          "name": "Submit #791075 | SuperAGI up to c3c1982 Authorization Bypass Through User-Controlled Key (CWE-639)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/791075"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gist.github.com/YLChen-007/79b967ece52d424558f279156dd53324"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-19T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-04-19T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-04-19T07:46:11.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "TransformerOptimus SuperAGI User Update Endpoint user.py update_user authorization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-6584",
    "datePublished": "2026-04-19T23:15:16.091Z",
    "dateReserved": "2026-04-19T05:41:06.301Z",
    "dateUpdated": "2026-04-20T15:07:48.363Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6583 (GCVE-0-2026-6583)

Vulnerability from cvelistv5 – Published: 2026-04-19 23:00 – Updated: 2026-04-20 16:14
VLAI
Title
TransformerOptimus SuperAGI API Key Management Endpoint api_key.py edit_api_key authorization
Summary
A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete_api_key/edit_api_key of the file superagi/controllers/api_key.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/vuln/358218 vdb-entrytechnical-description
https://vuldb.com/vuln/358218/cti signaturepermissions-required
https://vuldb.com/submit/791074 third-party-advisory
https://gist.github.com/YLChen-007/ba28ac92d9fd01… exploit
Impacted products
Vendor Product Version
TransformerOptimus SuperAGI Affected: 0.0.1
Affected: 0.0.2
Affected: 0.0.3
Affected: 0.0.4
Affected: 0.0.5
Affected: 0.0.6
Affected: 0.0.7
Affected: 0.0.8
Affected: 0.0.9
Affected: 0.0.10
Affected: 0.0.11
Affected: 0.0.12
Affected: 0.0.13
Affected: 0.0.14
    cpe:2.3:a:superagi:superagi:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Eric-z (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-6583",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-20T16:13:46.394125Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-20T16:14:10.062Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:superagi:superagi:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "API Key Management Endpoint"
          ],
          "product": "SuperAGI",
          "vendor": "TransformerOptimus",
          "versions": [
            {
              "status": "affected",
              "version": "0.0.1"
            },
            {
              "status": "affected",
              "version": "0.0.2"
            },
            {
              "status": "affected",
              "version": "0.0.3"
            },
            {
              "status": "affected",
              "version": "0.0.4"
            },
            {
              "status": "affected",
              "version": "0.0.5"
            },
            {
              "status": "affected",
              "version": "0.0.6"
            },
            {
              "status": "affected",
              "version": "0.0.7"
            },
            {
              "status": "affected",
              "version": "0.0.8"
            },
            {
              "status": "affected",
              "version": "0.0.9"
            },
            {
              "status": "affected",
              "version": "0.0.10"
            },
            {
              "status": "affected",
              "version": "0.0.11"
            },
            {
              "status": "affected",
              "version": "0.0.12"
            },
            {
              "status": "affected",
              "version": "0.0.13"
            },
            {
              "status": "affected",
              "version": "0.0.14"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Eric-z (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete_api_key/edit_api_key of the file superagi/controllers/api_key.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.5,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "Authorization Bypass",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-19T23:00:20.450Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-358218 | TransformerOptimus SuperAGI API Key Management Endpoint api_key.py edit_api_key authorization",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/358218"
        },
        {
          "name": "VDB-358218 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/358218/cti"
        },
        {
          "name": "Submit #791074 | SuperAGI SuperAGI  up to c3c1982 Authorization Bypass Through User-Controlled Key (CWE-639)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/791074"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gist.github.com/YLChen-007/ba28ac92d9fd011d40560dbf2bac39ce"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-19T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-04-19T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-04-19T07:46:07.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "TransformerOptimus SuperAGI API Key Management Endpoint api_key.py edit_api_key authorization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-6583",
    "datePublished": "2026-04-19T23:00:20.450Z",
    "dateReserved": "2026-04-19T05:40:52.536Z",
    "dateUpdated": "2026-04-20T16:14:10.062Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6571 (GCVE-0-2026-6571)

Vulnerability from cvelistv5 – Published: 2026-04-19 12:00 – Updated: 2026-04-20 14:18
VLAI
Title
kodcloud KodExplorer systemRole.class.php roleGroupAction authorization
Summary
A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipulation of the argument group_role can lead to authorization bypass. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/vuln/358205 vdb-entrytechnical-description
https://vuldb.com/vuln/358205/cti signaturepermissions-required
https://vuldb.com/submit/789987 third-party-advisory
https://vulnplus-note.wetolink.com/share/atu3UbqnfAgs broken-linkexploit
Impacted products
Vendor Product Version
kodcloud KodExplorer Affected: 4.0
Affected: 4.1
Affected: 4.2
Affected: 4.3
Affected: 4.4
Affected: 4.5
Affected: 4.6
Affected: 4.7
Affected: 4.8
Affected: 4.9
Affected: 4.10
Affected: 4.11
Affected: 4.12
Affected: 4.13
Affected: 4.14
Affected: 4.15
Affected: 4.16
Affected: 4.17
Affected: 4.18
Affected: 4.19
Affected: 4.20
Affected: 4.21
Affected: 4.22
Affected: 4.23
Affected: 4.24
Affected: 4.25
Affected: 4.26
Affected: 4.27
Affected: 4.28
Affected: 4.29
Affected: 4.30
Affected: 4.31
Affected: 4.32
Affected: 4.33
Affected: 4.34
Affected: 4.35
Affected: 4.36
Affected: 4.37
Affected: 4.38
Affected: 4.39
Affected: 4.40
Affected: 4.41
Affected: 4.42
Affected: 4.43
Affected: 4.44
Affected: 4.45
Affected: 4.46
Affected: 4.47
Affected: 4.48
Affected: 4.49
Affected: 4.50
Affected: 4.51
Affected: 4.52
    cpe:2.3:a:kodcloud:kodexplorer:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
vulnplusbot (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-6571",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-20T14:18:02.072581Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-20T14:18:17.474Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:kodcloud:kodexplorer:*:*:*:*:*:*:*:*"
          ],
          "product": "KodExplorer",
          "vendor": "kodcloud",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "4.1"
            },
            {
              "status": "affected",
              "version": "4.2"
            },
            {
              "status": "affected",
              "version": "4.3"
            },
            {
              "status": "affected",
              "version": "4.4"
            },
            {
              "status": "affected",
              "version": "4.5"
            },
            {
              "status": "affected",
              "version": "4.6"
            },
            {
              "status": "affected",
              "version": "4.7"
            },
            {
              "status": "affected",
              "version": "4.8"
            },
            {
              "status": "affected",
              "version": "4.9"
            },
            {
              "status": "affected",
              "version": "4.10"
            },
            {
              "status": "affected",
              "version": "4.11"
            },
            {
              "status": "affected",
              "version": "4.12"
            },
            {
              "status": "affected",
              "version": "4.13"
            },
            {
              "status": "affected",
              "version": "4.14"
            },
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "status": "affected",
              "version": "4.16"
            },
            {
              "status": "affected",
              "version": "4.17"
            },
            {
              "status": "affected",
              "version": "4.18"
            },
            {
              "status": "affected",
              "version": "4.19"
            },
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "status": "affected",
              "version": "4.21"
            },
            {
              "status": "affected",
              "version": "4.22"
            },
            {
              "status": "affected",
              "version": "4.23"
            },
            {
              "status": "affected",
              "version": "4.24"
            },
            {
              "status": "affected",
              "version": "4.25"
            },
            {
              "status": "affected",
              "version": "4.26"
            },
            {
              "status": "affected",
              "version": "4.27"
            },
            {
              "status": "affected",
              "version": "4.28"
            },
            {
              "status": "affected",
              "version": "4.29"
            },
            {
              "status": "affected",
              "version": "4.30"
            },
            {
              "status": "affected",
              "version": "4.31"
            },
            {
              "status": "affected",
              "version": "4.32"
            },
            {
              "status": "affected",
              "version": "4.33"
            },
            {
              "status": "affected",
              "version": "4.34"
            },
            {
              "status": "affected",
              "version": "4.35"
            },
            {
              "status": "affected",
              "version": "4.36"
            },
            {
              "status": "affected",
              "version": "4.37"
            },
            {
              "status": "affected",
              "version": "4.38"
            },
            {
              "status": "affected",
              "version": "4.39"
            },
            {
              "status": "affected",
              "version": "4.40"
            },
            {
              "status": "affected",
              "version": "4.41"
            },
            {
              "status": "affected",
              "version": "4.42"
            },
            {
              "status": "affected",
              "version": "4.43"
            },
            {
              "status": "affected",
              "version": "4.44"
            },
            {
              "status": "affected",
              "version": "4.45"
            },
            {
              "status": "affected",
              "version": "4.46"
            },
            {
              "status": "affected",
              "version": "4.47"
            },
            {
              "status": "affected",
              "version": "4.48"
            },
            {
              "status": "affected",
              "version": "4.49"
            },
            {
              "status": "affected",
              "version": "4.50"
            },
            {
              "status": "affected",
              "version": "4.51"
            },
            {
              "status": "affected",
              "version": "4.52"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "vulnplusbot (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipulation of the argument group_role can lead to authorization bypass. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "Authorization Bypass",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-19T12:00:17.810Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-358205 | kodcloud KodExplorer systemRole.class.php roleGroupAction authorization",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/358205"
        },
        {
          "name": "VDB-358205 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/358205/cti"
        },
        {
          "name": "Submit #789987 | KodExplorer 4.52 Authorization Bypass",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/789987"
        },
        {
          "tags": [
            "broken-link",
            "exploit"
          ],
          "url": "https://vulnplus-note.wetolink.com/share/atu3UbqnfAgs"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-18T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-04-18T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-04-18T21:12:40.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "kodcloud KodExplorer systemRole.class.php roleGroupAction authorization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-6571",
    "datePublished": "2026-04-19T12:00:17.810Z",
    "dateReserved": "2026-04-18T19:07:03.225Z",
    "dateUpdated": "2026-04-20T14:18:17.474Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6570 (GCVE-0-2026-6570)

Vulnerability from cvelistv5 – Published: 2026-04-19 11:00 – Updated: 2026-04-20 16:23
VLAI
Title
kodcloud KodExplorer systemMember.class.php initInstall authorization
Summary
A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/vuln/358204 vdb-entrytechnical-description
https://vuldb.com/vuln/358204/cti signaturepermissions-required
https://vuldb.com/submit/789983 third-party-advisory
https://vulnplus-note.wetolink.com/share/byd7AQVs42VY broken-linkexploit
Impacted products
Vendor Product Version
kodcloud KodExplorer Affected: 4.0
Affected: 4.1
Affected: 4.2
Affected: 4.3
Affected: 4.4
Affected: 4.5
Affected: 4.6
Affected: 4.7
Affected: 4.8
Affected: 4.9
Affected: 4.10
Affected: 4.11
Affected: 4.12
Affected: 4.13
Affected: 4.14
Affected: 4.15
Affected: 4.16
Affected: 4.17
Affected: 4.18
Affected: 4.19
Affected: 4.20
Affected: 4.21
Affected: 4.22
Affected: 4.23
Affected: 4.24
Affected: 4.25
Affected: 4.26
Affected: 4.27
Affected: 4.28
Affected: 4.29
Affected: 4.30
Affected: 4.31
Affected: 4.32
Affected: 4.33
Affected: 4.34
Affected: 4.35
Affected: 4.36
Affected: 4.37
Affected: 4.38
Affected: 4.39
Affected: 4.40
Affected: 4.41
Affected: 4.42
Affected: 4.43
Affected: 4.44
Affected: 4.45
Affected: 4.46
Affected: 4.47
Affected: 4.48
Affected: 4.49
Affected: 4.50
Affected: 4.51
Affected: 4.52
    cpe:2.3:a:kodcloud:kodexplorer:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
vulnplusbot (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-6570",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-20T16:23:35.480939Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-20T16:23:44.786Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:kodcloud:kodexplorer:*:*:*:*:*:*:*:*"
          ],
          "product": "KodExplorer",
          "vendor": "kodcloud",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "4.1"
            },
            {
              "status": "affected",
              "version": "4.2"
            },
            {
              "status": "affected",
              "version": "4.3"
            },
            {
              "status": "affected",
              "version": "4.4"
            },
            {
              "status": "affected",
              "version": "4.5"
            },
            {
              "status": "affected",
              "version": "4.6"
            },
            {
              "status": "affected",
              "version": "4.7"
            },
            {
              "status": "affected",
              "version": "4.8"
            },
            {
              "status": "affected",
              "version": "4.9"
            },
            {
              "status": "affected",
              "version": "4.10"
            },
            {
              "status": "affected",
              "version": "4.11"
            },
            {
              "status": "affected",
              "version": "4.12"
            },
            {
              "status": "affected",
              "version": "4.13"
            },
            {
              "status": "affected",
              "version": "4.14"
            },
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "status": "affected",
              "version": "4.16"
            },
            {
              "status": "affected",
              "version": "4.17"
            },
            {
              "status": "affected",
              "version": "4.18"
            },
            {
              "status": "affected",
              "version": "4.19"
            },
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "status": "affected",
              "version": "4.21"
            },
            {
              "status": "affected",
              "version": "4.22"
            },
            {
              "status": "affected",
              "version": "4.23"
            },
            {
              "status": "affected",
              "version": "4.24"
            },
            {
              "status": "affected",
              "version": "4.25"
            },
            {
              "status": "affected",
              "version": "4.26"
            },
            {
              "status": "affected",
              "version": "4.27"
            },
            {
              "status": "affected",
              "version": "4.28"
            },
            {
              "status": "affected",
              "version": "4.29"
            },
            {
              "status": "affected",
              "version": "4.30"
            },
            {
              "status": "affected",
              "version": "4.31"
            },
            {
              "status": "affected",
              "version": "4.32"
            },
            {
              "status": "affected",
              "version": "4.33"
            },
            {
              "status": "affected",
              "version": "4.34"
            },
            {
              "status": "affected",
              "version": "4.35"
            },
            {
              "status": "affected",
              "version": "4.36"
            },
            {
              "status": "affected",
              "version": "4.37"
            },
            {
              "status": "affected",
              "version": "4.38"
            },
            {
              "status": "affected",
              "version": "4.39"
            },
            {
              "status": "affected",
              "version": "4.40"
            },
            {
              "status": "affected",
              "version": "4.41"
            },
            {
              "status": "affected",
              "version": "4.42"
            },
            {
              "status": "affected",
              "version": "4.43"
            },
            {
              "status": "affected",
              "version": "4.44"
            },
            {
              "status": "affected",
              "version": "4.45"
            },
            {
              "status": "affected",
              "version": "4.46"
            },
            {
              "status": "affected",
              "version": "4.47"
            },
            {
              "status": "affected",
              "version": "4.48"
            },
            {
              "status": "affected",
              "version": "4.49"
            },
            {
              "status": "affected",
              "version": "4.50"
            },
            {
              "status": "affected",
              "version": "4.51"
            },
            {
              "status": "affected",
              "version": "4.52"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "vulnplusbot (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 3.3,
            "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "Authorization Bypass",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-19T11:00:17.545Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-358204 | kodcloud KodExplorer systemMember.class.php initInstall authorization",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/358204"
        },
        {
          "name": "VDB-358204 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/358204/cti"
        },
        {
          "name": "Submit #789983 | KodExplorer 4.52 Authorization Bypass",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/789983"
        },
        {
          "tags": [
            "broken-link",
            "exploit"
          ],
          "url": "https://vulnplus-note.wetolink.com/share/byd7AQVs42VY"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-18T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-04-18T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-04-18T21:12:20.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "kodcloud KodExplorer systemMember.class.php initInstall authorization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-6570",
    "datePublished": "2026-04-19T11:00:17.545Z",
    "dateReserved": "2026-04-18T19:06:59.838Z",
    "dateUpdated": "2026-04-20T16:23:44.786Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6566 (GCVE-0-2026-6566)

Vulnerability from cvelistv5 – Published: 2026-05-20 05:31 – Updated: 2026-05-20 15:54
VLAI
Title
Photo Gallery, Sliders, Proofing and Themes <= 4.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion via REST API
Summary
The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for DELETE /imagely/v1/images/{id} only checks 'NextGEN Manage gallery' permissions and does not enforce gallery ownership or 'NextGEN Manage others gallery' permissions. This makes it possible for authenticated attackers, with Subscriber-level privileges and 'NextGEN Manage gallery' capability, to delete gallery images belonging to other users as well as their associated image files from disk when deleteImg is enabled (default).
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
Impacted products
Credits
Bao Luu Gia Nguyen
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-6566",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-20T15:43:36.099126Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-20T15:54:05.752Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery",
          "vendor": "smub",
          "versions": [
            {
              "lessThanOrEqual": "4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Bao Luu Gia Nguyen"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for DELETE /imagely/v1/images/{id} only checks \u0027NextGEN Manage gallery\u0027 permissions and does not enforce gallery ownership or \u0027NextGEN Manage others gallery\u0027 permissions. This makes it possible for authenticated attackers, with Subscriber-level privileges and \u0027NextGEN Manage gallery\u0027 capability, to delete gallery images belonging to other users as well as their associated image files from disk when deleteImg is enabled (default)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-20T05:31:10.536Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/439809ad-21ea-4a0b-b1fd-5de9f8f5ee7a?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3533432/nextgen-gallery"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-18T20:42:58.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2026-05-19T17:01:55.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Photo Gallery, Sliders, Proofing and Themes \u003c= 4.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion via REST API"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2026-6566",
    "datePublished": "2026-05-20T05:31:10.536Z",
    "dateReserved": "2026-04-18T17:51:56.808Z",
    "dateUpdated": "2026-05-20T15:54:05.752Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6552 (GCVE-0-2026-6552)

Vulnerability from cvelistv5 – Published: 2026-06-11 10:20 – Updated: 2026-06-19 05:11
VLAI
Title
Authorization Bypass Through User-Controlled Key in GitLab
Summary
GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with group Owner role to take over another group member's GitLab account due to improper authorization in the Group SAML identity management functionality.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
Impacted products
Vendor Product Version
GitLab GitLab Affected: 15.5 , < 18.10.8 (semver)
Affected: 18.11 , < 18.11.5 (semver)
Affected: 19.0 , < 19.0.2 (semver)
    cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Thanks [Vitaly Simonovich](https://www.linkedin.com/in/vitalysimonovich/) for reporting this vulnerability through our HackerOne bug bounty program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-6552",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-11T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-12T03:55:25.275Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "GitLab",
          "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
          "vendor": "GitLab",
          "versions": [
            {
              "lessThan": "18.10.8",
              "status": "affected",
              "version": "15.5",
              "versionType": "semver"
            },
            {
              "lessThan": "18.11.5",
              "status": "affected",
              "version": "18.11",
              "versionType": "semver"
            },
            {
              "lessThan": "19.0.2",
              "status": "affected",
              "version": "19.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Thanks [Vitaly Simonovich](https://www.linkedin.com/in/vitalysimonovich/) for reporting this vulnerability through our HackerOne bug bounty program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with group Owner role to take over another group member\u0027s GitLab account due to improper authorization in the Group SAML identity management functionality."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-19T05:11:23.564Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/597295"
        },
        {
          "name": "HackerOne Bug Bounty Report #3655189",
          "tags": [
            "technical-description",
            "exploit",
            "permissions-required"
          ],
          "url": "https://hackerone.com/reports/3655189"
        },
        {
          "url": "https://about.gitlab.com/releases/2026/06/10/patch-release-gitlab-19-0-2-released/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to versions 18.10.8, 18.11.5, 19.0.2 or above."
        }
      ],
      "title": "Authorization Bypass Through User-Controlled Key in GitLab"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2026-6552",
    "datePublished": "2026-06-11T10:20:21.427Z",
    "dateReserved": "2026-04-17T21:34:28.848Z",
    "dateUpdated": "2026-06-19T05:11:23.564Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6542 (GCVE-0-2026-6542)

Vulnerability from cvelistv5 – Published: 2026-04-30 21:16 – Updated: 2026-05-01 15:00
VLAI
Title
Monitor API allows cross-user read of transaction logs and deletion of build data via flow_id
Summary
IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
ibm
References
URL Tags
https://www.ibm.com/support/pages/node/7270886 vendor-advisorypatch
Impacted products
Vendor Product Version
IBM Langflow OSS Affected: 1.0.0 , ≤ 1.8.4 (semver)
    cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:langflow_oss:1.8.4:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-6542",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-01T14:59:58.126303Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-01T15:00:43.375Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:langflow_oss:1.8.4:*:*:*:*:*:*:*"
          ],
          "product": "Langflow OSS",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "1.8.4",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user\u0027s flow.\u003c/p\u003e"
            }
          ],
          "value": "IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user\u0027s flow."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-30T21:16:10.787Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7270886"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM recommends addressing the vulnerability now by upgrading to Langflow OSS 1.9.0 or newer:\u0026nbsp;\u003ca href=\"https://github.com/langflow-ai/langflow\" rel=\"nofollow\"\u003ehttps://github.com/langflow-ai/langflow\u003c/a\u003e\u003c/p\u003e"
            }
          ],
          "value": "IBM recommends addressing the vulnerability now by upgrading to Langflow OSS 1.9.0 or newer:\u00a0 https://github.com/langflow-ai/langflow"
        }
      ],
      "title": "Monitor API allows cross-user read of transaction logs and deletion of build data via flow_id",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2026-6542",
    "datePublished": "2026-04-30T21:16:10.787Z",
    "dateReserved": "2026-04-17T17:59:10.380Z",
    "dateUpdated": "2026-05-01T15:00:43.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6541 (GCVE-0-2026-6541)

Vulnerability from cvelistv5 – Published: 2026-07-13 10:53 – Updated: 2026-07-13 13:09
VLAI
Title
Unscoped updates to other playbooks' metric configuration
Summary
Mattermost versions 11.7.x <= 11.7.1, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to restrict metric configuration changes to the playbook being saved, which allows an authenticated user with team access to alter another user’s playbook metric settings via a crafted import or update request with a foreign metric ID. Mattermost Advisory ID: MMSA-2026-00653
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
URL Tags
https://mattermost.com/security-updates vendor-advisory
Impacted products
Vendor Product Version
Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.1 (semver)
Affected: 11.6.0 , ≤ 11.6.4 (semver)
Affected: 10.11.0 , ≤ 10.11.19 (semver)
Unaffected: 11.8.0
Unaffected: 11.7.2
Unaffected: 11.6.5
Unaffected: 10.11.20
Create a notification for this product.
Credits
hfreak_s
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-6541",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-13T13:09:03.398556Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-13T13:09:10.482Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mattermost",
          "vendor": "Mattermost",
          "versions": [
            {
              "lessThanOrEqual": "11.7.1",
              "status": "affected",
              "version": "11.7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.6.4",
              "status": "affected",
              "version": "11.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.11.19",
              "status": "affected",
              "version": "10.11.0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "11.8.0"
            },
            {
              "status": "unaffected",
              "version": "11.7.2"
            },
            {
              "status": "unaffected",
              "version": "11.6.5"
            },
            {
              "status": "unaffected",
              "version": "10.11.20"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "hfreak_s"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mattermost versions 11.7.x \u003c= 11.7.1, 11.6.x \u003c= 11.6.4, 10.11.x \u003c= 10.11.19 fail to restrict metric configuration changes to the playbook being saved, which allows an authenticated user with team access to alter another user\u2019s playbook metric settings via a crafted import or update request with a foreign metric ID. Mattermost Advisory ID: MMSA-2026-00653"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-13T10:53:15.958Z",
        "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "shortName": "Mattermost"
      },
      "references": [
        {
          "name": "MMSA-2026-00653",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mattermost.com/security-updates"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update Mattermost to versions 11.8.0, 11.7.2, 11.6.5, 10.11.20 or higher."
        }
      ],
      "source": {
        "advisory": "MMSA-2026-00653",
        "defect": [
          "https://mattermost.atlassian.net/browse/MM-68371"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Unscoped updates to other playbooks\u0027 metric configuration",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
    "assignerShortName": "Mattermost",
    "cveId": "CVE-2026-6541",
    "datePublished": "2026-07-13T10:53:15.958Z",
    "dateReserved": "2026-04-17T17:54:44.831Z",
    "dateUpdated": "2026-07-13T13:09:10.482Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6444 (GCVE-0-2026-6444)

Vulnerability from cvelistv5 – Published: 2026-06-09 18:40 – Updated: 2026-06-09 20:00
VLAI
Summary
A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged user may, under specific conditions, access functionality beyond their assigned privileges.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization bypass through User-Controlled key
Assigner
Impacted products
Vendor Product Version
Everpure FlashArray Affected: 6.10.0 , ≤ 6.10.5 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-6444",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-09T20:00:47.463624Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-09T20:00:56.387Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FlashArray",
          "vendor": "Everpure",
          "versions": [
            {
              "lessThanOrEqual": "6.10.5",
              "status": "affected",
              "version": "6.10.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA flaw exists in the FlashArray Purity management interface where an authenticated low-privileged user may, under specific conditions, access functionality beyond their assigned privileges.\u003c/p\u003e"
            }
          ],
          "value": "A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged user may, under specific conditions, access functionality beyond their assigned privileges."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization bypass through User-Controlled key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-09T18:40:26.171Z",
        "orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
        "shortName": "Everpure"
      },
      "references": [
        {
          "url": "https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
    "assignerShortName": "Everpure",
    "cveId": "CVE-2026-6444",
    "datePublished": "2026-06-09T18:40:26.171Z",
    "dateReserved": "2026-04-16T18:24:16.662Z",
    "dateUpdated": "2026-06-09T20:00:56.387Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Architecture and Design

For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.

Mitigation
Architecture and Design Implementation

Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.

Mitigation
Architecture and Design

Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.

No CAPEC attack patterns related to this CWE.