CWE-862
Allowed-with-ReviewMissing Authorization
Abstraction: Class · Status: Incomplete
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
14622 vulnerabilities reference this CWE, most recent first.
CVE-2026-2819 (GCVE-0-2026-2819)
Vulnerability from cvelistv5 – Published: 2026-02-20 01:32 – Updated: 2026-02-23 19:00| URL | Tags |
|---|---|
| https://vuldb.com/?id.346944 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.346944 | signaturepermissions-required |
| https://vuldb.com/?submit.753321 | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Dromara | RuoYi-Vue-Plus |
Affected:
5.5.0
Affected: 5.5.1 Affected: 5.5.2 Affected: 5.5.3 cpe:2.3:a:dromara:ruoyi-vue-plus:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2819",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-23T19:00:43.722153Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T19:00:57.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:dromara:ruoyi-vue-plus:*:*:*:*:*:*:*:*"
],
"modules": [
"Workflow Module"
],
"product": "RuoYi-Vue-Plus",
"vendor": "Dromara",
"versions": [
{
"status": "affected",
"version": "5.5.0"
},
{
"status": "affected",
"version": "5.5.1"
},
{
"status": "affected",
"version": "5.5.2"
},
{
"status": "affected",
"version": "5.5.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "feng123123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to missing authorization. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T10:29:51.667Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-346944 | Dromara RuoYi-Vue-Plus Workflow deleteByInstanceIds SaServletFilter authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.346944"
},
{
"name": "VDB-346944 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.346944"
},
{
"name": "Submit #753321 | Dromara RuoYi-Vue-Plus 5.5.3 Privilege Escalation",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.753321"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-19T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-22T07:44:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "Dromara RuoYi-Vue-Plus Workflow deleteByInstanceIds SaServletFilter authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-2819",
"datePublished": "2026-02-20T01:32:06.214Z",
"dateReserved": "2026-02-19T17:12:58.633Z",
"dateUpdated": "2026-02-23T19:00:57.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2732 (GCVE-0-2026-2732)
Vulnerability from cvelistv5 – Published: 2026-03-04 06:26 – Updated: 2026-04-08 16:43- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| shortpixel | Enable Media Replace |
Affected:
0 , ≤ 4.1.7
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2732",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T15:03:15.412334Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T15:03:24.405Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Enable Media Replace",
"vendor": "shortpixel",
"versions": [
{
"lessThanOrEqual": "4.1.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Or Benit"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the \u0027RemoveBackGroundViewController::load\u0027 function in all versions up to, and including, 4.1.7. This makes it possible for authenticated attackers, with Author-level access and above, to replace any attachment with a removed background attachment."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:43:53.355Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2c5f2dc8-67f7-4dbf-8631-f434522f1b53?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/enable-media-replace/tags/4.1.7/classes/ViewController/RemoveBackgroundViewController.php#L35"
},
{
"url": "https://plugins.trac.wordpress.org/browser/enable-media-replace/tags/4.1.7/classes/ViewController/RemoveBackgroundViewController.php#L68"
},
{
"url": "https://github.com/short-pixel-optimizer/enable-media-replace/commit/8ca282e68e5fcf8a8e4cecc1f0ab192c42b1dc66"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3473504/enable-media-replace#file26"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-19T06:51:10.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-03-03T18:17:08.000Z",
"value": "Disclosed"
}
],
"title": "Enable Media Replace \u003c= 4.1.7 - Improper Authorization to Authenticated (Author+) Arbitrary Attachment Change via Background Replace"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-2732",
"datePublished": "2026-03-04T06:26:53.170Z",
"dateReserved": "2026-02-19T06:33:05.462Z",
"dateUpdated": "2026-04-08T16:43:53.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2720 (GCVE-0-2026-2720)
Vulnerability from cvelistv5 – Published: 2026-03-21 03:27 – Updated: 2026-04-08 17:25- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| codeclove | Hr Press Lite |
Affected:
0 , ≤ 1.0.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2720",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T16:58:51.351573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T17:00:29.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hr Press Lite",
"vendor": "codeclove",
"versions": [
{
"lessThanOrEqual": "1.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Itthidej Aramsri"
},
{
"lang": "en",
"type": "finder",
"value": "Waris Damkham"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Hr Press Lite plugin for WordPress is vulnerable to unauthorized access of sensitive employee data due to a missing capability check on the `hrp-fetch-employees` AJAX action in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive employee information including names, email addresses, phone numbers, salary/pay rates, employment dates, and employment status."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:25:23.499Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d2a63b8e-e16e-4702-be1b-acc5c3e74b22?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/hr-press-lite/trunk/includes/HRP_Action.php#L1444"
},
{
"url": "https://plugins.trac.wordpress.org/browser/hr-press-lite/tags/1.0.2/includes/HRP_Action.php#L1444"
},
{
"url": "https://plugins.trac.wordpress.org/browser/hr-press-lite/trunk/admin/admin.php#L36"
},
{
"url": "https://plugins.trac.wordpress.org/browser/hr-press-lite/tags/1.0.2/admin/admin.php#L36"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-20T15:15:10.000Z",
"value": "Disclosed"
}
],
"title": "Hr Press Lite \u003c= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information Exposure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-2720",
"datePublished": "2026-03-21T03:27:06.398Z",
"dateReserved": "2026-02-18T21:16:02.973Z",
"dateUpdated": "2026-04-08T17:25:23.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2658 (GCVE-0-2026-2658)
Vulnerability from cvelistv5 – Published: 2026-02-18 17:02 – Updated: 2026-02-23 10:18| URL | Tags |
|---|---|
| https://vuldb.com/?id.346456 | vdb-entry |
| https://vuldb.com/?ctiid.346456 | signaturepermissions-required |
| https://vuldb.com/?submit.752797 | third-party-advisory |
| https://vuldb.com/?submit.752798 | third-party-advisory |
| https://vuldb.com/?submit.752799 | third-party-advisory |
| https://vuldb.com/?submit.752800 | third-party-advisory |
| https://vuldb.com/?submit.752801 | third-party-advisory |
| https://vuldb.com/?submit.752802 | third-party-advisory |
| https://vuldb.com/?submit.752803 | third-party-advisory |
| https://vuldb.com/?submit.752804 | third-party-advisory |
| https://vuldb.com/?submit.752805 | third-party-advisory |
| https://vuldb.com/?submit.752806 | third-party-advisory |
| https://github.com/newbee-ltd/newbee-mall/issues/106 | issue-tracking |
| https://github.com/newbee-ltd/newbee-mall/issues/107 | exploitissue-tracking |
| https://github.com/newbee-ltd/newbee-mall/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| newbee-ltd | newbee-mall |
Affected:
a069069b07027613bf0e7f571736be86f431faee
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2658",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T17:59:33.450780Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T17:59:51.640Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Multiple Endpoints"
],
"product": "newbee-mall",
"vendor": "newbee-ltd",
"versions": [
{
"status": "affected",
"version": "a069069b07027613bf0e7f571736be86f431faee"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "flashzyc (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in newbee-ltd newbee-mall up to a069069b07027613bf0e7f571736be86f431faee. Affected is an unknown function of the component Multiple Endpoints. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T10:18:21.367Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-346456 | newbee-ltd newbee-mall Multiple Endpoints cross-site request forgery",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.346456"
},
{
"name": "VDB-346456 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.346456"
},
{
"name": "Submit #752797 | newbee-ltd newbee-mall v1.0 CSRF",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.752797"
},
{
"name": "Submit #752798 | newbee-ltd newbee-mall v1.0 CSRF (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.752798"
},
{
"name": "Submit #752799 | newbee-ltd newbee-mall v1.0 CSRF (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.752799"
},
{
"name": "Submit #752800 | newbee-ltd newbee-mall v1.0 CSRF (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.752800"
},
{
"name": "Submit #752801 | newbee-ltd newbee-mall v1.0 CSRF (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.752801"
},
{
"name": "Submit #752802 | newbee-ltd newbee-mall v1.0 CSRF (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.752802"
},
{
"name": "Submit #752803 | newbee-ltd newbee-mall v1.0 CSRF (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.752803"
},
{
"name": "Submit #752804 | newbee-ltd newbee-mall v1.0 CSRF (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.752804"
},
{
"name": "Submit #752805 | newbee-ltd newbee-mall v1.0 CSRF (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.752805"
},
{
"name": "Submit #752806 | newbee-ltd newbee-mall v1.0 CSRF (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.752806"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/newbee-ltd/newbee-mall/issues/106"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/newbee-ltd/newbee-mall/issues/107"
},
{
"tags": [
"product"
],
"url": "https://github.com/newbee-ltd/newbee-mall/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-18T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-18T08:02:07.000Z",
"value": "VulDB entry last update"
}
],
"title": "newbee-ltd newbee-mall Multiple Endpoints cross-site request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-2658",
"datePublished": "2026-02-18T17:02:07.013Z",
"dateReserved": "2026-02-18T06:55:12.547Z",
"dateUpdated": "2026-02-23T10:18:21.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2651 (GCVE-0-2026-2651)
Vulnerability from cvelistv5 – Published: 2026-05-25 06:00 – Updated: 2026-07-15 02:49| URL | Tags |
|---|---|
| https://huntr.com/bounties/65beb119-d3e0-4e03-af2… | |
| https://github.com/mlflow/mlflow/commit/d7290811d… | |
| https://access.redhat.com/security/cve/CVE-2026-2651 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2481117 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| Vendor | Product | Version | |
|---|---|---|---|
| mlflow | mlflow/mlflow |
Affected:
unspecified , < 3.10.0
(custom)
|
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2651",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T03:55:35.963Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://huntr.com/bounties/65beb119-d3e0-4e03-af2f-fa98f78f83dc"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-mlflow-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-pipeline-runtime-pytorch-rocm-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-pipeline-runtime-tensorflow-cuda-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-th06-cpu-torch210-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-th06-cuda130-torch210-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-th06-rocm64-torch291-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-training-cuda128-torch29-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-workbench-jupyter-datascience-cpu-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-workbench-jupyter-pytorch-cuda-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-workbench-jupyter-pytorch-rocm-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-workbench-jupyter-tensorflow-cuda-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-workbench-jupyter-tensorflow-rocm-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-workbench-jupyter-trustyai-cpu-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-25T06:00:34.002Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in MLflow when the `--serve-artifacts` mode is enabled. A remote attacker can exploit this vulnerability due to insufficient resource-level permission checks for multipart upload (MPU) endpoints. This allows the attacker to overwrite artifacts belonging to other users, which can lead to model supply chain poisoning and potentially arbitrary code execution when compromised models are loaded."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Critical"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "Insufficient Granularity of Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T02:49:04.921Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-2651"
},
{
"name": "RHBZ#2481117",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481117"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2651.json"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-25T07:00:55.073Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-25T06:00:34.002Z",
"value": "Made public."
}
],
"title": "github.com/mlflow/mlflow: MLflow: Arbitrary code execution via unauthorized multipart upload access",
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "mlflow/mlflow",
"vendor": "mlflow",
"versions": [
{
"lessThan": "3.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in MLflow versions \u003c=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. The authorization logic does not enforce resource-level permission checks for `/mlflow-artifacts/mpu/*` endpoints, enabling attackers to overwrite artifacts belonging to other users. This can lead to unauthorized cross-user writes, model supply chain poisoning, and arbitrary code execution when compromised models are loaded. The issue is resolved in version 3.10.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T06:00:34.002Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/65beb119-d3e0-4e03-af2f-fa98f78f83dc"
},
{
"url": "https://github.com/mlflow/mlflow/commit/d7290811d8f3c95366d80109424edc1fb1ad966f"
}
],
"source": {
"advisory": "65beb119-d3e0-4e03-af2f-fa98f78f83dc",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization Validation in mlflow/mlflow"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2026-2651",
"datePublished": "2026-05-25T06:00:34.002Z",
"dateReserved": "2026-02-18T01:33:23.276Z",
"dateUpdated": "2026-07-15T02:49:04.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2633 (GCVE-0-2026-2633)
Vulnerability from cvelistv5 – Published: 2026-02-18 06:42 – Updated: 2026-04-08 17:11- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor |
Affected:
0 , ≤ 3.6.1
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2633",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T14:19:51.901936Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T14:20:06.984Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Kadence Blocks \u2014 Page Builder Toolkit for Gutenberg Editor",
"vendor": "stellarwp",
"versions": [
{
"lessThanOrEqual": "3.6.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ali S\u00fcnb\u00fcl"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the `process_image_data_ajax_callback()` function which handles the `kadence_import_process_image_data` AJAX action. The function\u0027s authorization check via `verify_ajax_call()` only validates `edit_posts` capability but fails to check for the `upload_files` capability. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary images from remote URLs to the WordPress Media Library, bypassing the standard WordPress capability restriction that prevents Contributors from uploading files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:11:22.271Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9c06e0a9-a13a-4cee-a1a5-c43c114b2dbf?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.5.32/includes/class-kadence-blocks-prebuilt-library.php#L789"
},
{
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.5.32/includes/class-kadence-blocks-prebuilt-library.php#L1177"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3454881%40kadence-blocks%2Ftrunk\u0026old=3453204%40kadence-blocks%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-03T19:20:21.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-02-17T17:43:19.000Z",
"value": "Disclosed"
}
],
"title": "Gutenberg Blocks with AI by Kadence WP \u003c= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-2633",
"datePublished": "2026-02-18T06:42:42.888Z",
"dateReserved": "2026-02-17T17:42:46.510Z",
"dateUpdated": "2026-04-08T17:11:22.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2608 (GCVE-0-2026-2608)
Vulnerability from cvelistv5 – Published: 2026-02-17 11:20 – Updated: 2026-04-08 16:33- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor |
Affected:
0 , ≤ 3.5.32
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2608",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:28:09.887675Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:28:19.816Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Kadence Blocks \u2014 Page Builder Toolkit for Gutenberg Editor",
"vendor": "stellarwp",
"versions": [
{
"lessThanOrEqual": "3.5.32",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "JohSka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Kadence Blocks \u2014 Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:33:30.973Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/05dd1686-76e3-498b-80b8-c4befc545fc8?source=cve"
},
{
"url": "https://vdp.patchstack.com/database/wordpress/plugin/kadence-blocks/vulnerability/wordpress-gutenberg-blocks-with-ai-by-kadence-wp-plugin-3-5-32-incorrect-authorization-to-authenticated-contributor-post-publication-vulnerability"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=/kadence-blocks/tags/3.5.32\u0026new_path=/kadence-blocks/tags/3.6.0\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-16T22:38:23.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-02-11T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Gutenberg Blocks by Kadence Blocks \u003c= 3.5.32 - Missing Authorization"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-2608",
"datePublished": "2026-02-17T11:20:37.133Z",
"dateReserved": "2026-02-16T22:23:22.829Z",
"dateUpdated": "2026-04-08T16:33:30.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2601 (GCVE-0-2026-2601)
Vulnerability from cvelistv5 – Published: 2026-05-27 17:55 – Updated: 2026-05-27 19:04- CWE-862 - Missing Authorization
| URL | Tags |
|---|---|
| https://hackerone.com/reports/3556381 | technical-descriptionexploitpermissions-required |
| https://gitlab.com/gitlab-org/gitlab/-/work_items… | |
| https://about.gitlab.com/releases/2026/05/27/patc… |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2601",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T19:00:57.399478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T19:04:49.153Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "18.10.7",
"status": "affected",
"version": "11.5",
"versionType": "semver"
},
{
"lessThan": "18.11.4",
"status": "affected",
"version": "18.11",
"versionType": "semver"
},
{
"lessThan": "19.0.1",
"status": "affected",
"version": "19.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [modhanami](https://hackerone.com/modhanami) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "GitLab has remediated an issue in GitLab EE affecting all versions from 11.5 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to access sensitive deployment data on projects due to improper authorization checks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T17:55:38.935Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "HackerOne Bug Bounty Report #3556381",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/3556381"
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/590389"
},
{
"url": "https://about.gitlab.com/releases/2026/05/27/patch-release-gitlab-19-0-1-released/"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 18.10.7, 18.11.4, 19.0.1 or above."
}
],
"title": "Missing Authorization in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-2601",
"datePublished": "2026-05-27T17:55:38.935Z",
"dateReserved": "2026-02-16T21:04:09.684Z",
"dateUpdated": "2026-05-27T19:04:49.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2559 (GCVE-0-2026-2559)
Vulnerability from cvelistv5 – Published: 2026-03-18 15:28 – Updated: 2026-04-08 16:45- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App |
Affected:
0 , ≤ 3.8.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2559",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-18T17:06:23.958716Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T17:06:32.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Post SMTP \u2013 Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP \u0026 Mobile App",
"vendor": "saadiqbal",
"versions": [
{
"lessThanOrEqual": "3.8.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Iden"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Post SMTP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `handle_office365_oauth_redirect()` function in all versions up to, and including, 3.8.0. This is due to the function being hooked to `admin_init` without any `current_user_can()` check or nonce verification. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the site\u0027s Office 365 OAuth mail configuration (access token, refresh token, and user email) via a crafted URL. The configuration option is used during wizard setup of Microsoft365 SMTP, only available in the Pro option of the plugin. This could cause an Administrator to believe an attacker-controlled Azure app is their own, and lead them to connect the plugin to the attacker\u0027s account during configuration after upgrading to Pro."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:45:16.533Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/323436b5-fbfe-4923-8b08-93c1fcabc016?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/post-smtp/trunk/Postman/Wizard/NewWizard.php#L2109"
},
{
"url": "https://plugins.trac.wordpress.org/browser/post-smtp/trunk/Postman/Wizard/NewWizard.php#L104"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3484515/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-15T19:21:39.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-03-17T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Post SMTP \u003c= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Office 365 OAuth Configuration Overwrite"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-2559",
"datePublished": "2026-03-18T15:28:28.190Z",
"dateReserved": "2026-02-15T19:05:42.476Z",
"dateUpdated": "2026-04-08T16:45:16.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2518 (GCVE-0-2026-2518)
Vulnerability from cvelistv5 – Published: 2026-05-22 04:29 – Updated: 2026-05-22 12:21- CWE-862 - Missing Authorization
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2518",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-22T12:21:11.744190Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T12:21:18.173Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FastX",
"vendor": "wpxpo",
"versions": [
{
"lessThanOrEqual": "1.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Itthidej Aramsri"
}
],
"descriptions": [
{
"lang": "en",
"value": "The FastX theme for WordPress is vulnerable to unauthorized limited plugin installation and activation due to missing capability checks on the \u0027ultp_install_callback\u0027 and \u0027ultp_activate_callback\u0027 functions in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate the PostX plugin."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T04:29:03.590Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6f5c4194-4f97-4f85-af90-e983ba9ce3a6?source=cve"
},
{
"url": "https://themes.trac.wordpress.org/browser/fastx/1.0.2/classes/Initialization.php#L264"
},
{
"url": "https://themes.trac.wordpress.org/browser/fastx/1.0.2/classes/Initialization.php#L249"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-21T15:59:58.000Z",
"value": "Disclosed"
}
],
"title": "FastX \u003c= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation and Activation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-2518",
"datePublished": "2026-05-22T04:29:03.590Z",
"dateReserved": "2026-02-15T05:47:15.710Z",
"dateUpdated": "2026-05-22T12:21:18.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation MIT-4.4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.