Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-46413

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-09 Jul, 2026 | 21:55
Updated At-10 Jul, 2026 | 14:32
Rejected At-
Credits

Discourse: Regular users can route multipart uploads into the admin backup store

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, regular users could route direct S3 multipart uploads through ExternalUploadManager into the admin backup store. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:09 Jul, 2026 | 21:55
Updated At:10 Jul, 2026 | 14:32
Rejected At:
â–¼CVE Numbering Authority (CNA)
Discourse: Regular users can route multipart uploads into the admin backup store

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, regular users could route direct S3 multipart uploads through ExternalUploadManager into the admin backup store. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5.

Affected Products
Vendor
Civilized Discourse Construction Kit, Inc.discourse
Product
discourse
Versions
Affected
  • >= 2026.1.0-latest, < 2026.1.5
  • >= 2026.4.0-latest, < 2026.4.2
  • >= 2026.5.0-latest, < 2026.5.1
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862: Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862: Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/discourse/discourse/security/advisories/GHSA-3mvf-q9rg-w6m7
x_refsource_CONFIRM
https://github.com/discourse/discourse/commit/1f1ded8dd361d81786bff17b35e1138d6ee299c0
x_refsource_MISC
https://github.com/discourse/discourse/commit/7ddde266617b452152c1bf5f903f6c07be38fc40
x_refsource_MISC
https://github.com/discourse/discourse/commit/a53df26dcf7e50ce2b20bfd5454a0c9d44b8fc7d
x_refsource_MISC
https://github.com/discourse/discourse/commit/abaa664c5df84026efb2ca264ba0f5586c3f2b01
x_refsource_MISC
https://github.com/discourse/discourse/releases/tag/v2026.1.5
x_refsource_MISC
https://github.com/discourse/discourse/releases/tag/v2026.4.2
x_refsource_MISC
https://github.com/discourse/discourse/releases/tag/v2026.5.1
x_refsource_MISC
https://github.com/discourse/discourse/releases/tag/v2026.6.0
x_refsource_MISC
Hyperlink: https://github.com/discourse/discourse/security/advisories/GHSA-3mvf-q9rg-w6m7
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/discourse/discourse/commit/1f1ded8dd361d81786bff17b35e1138d6ee299c0
Resource:
x_refsource_MISC
Hyperlink: https://github.com/discourse/discourse/commit/7ddde266617b452152c1bf5f903f6c07be38fc40
Resource:
x_refsource_MISC
Hyperlink: https://github.com/discourse/discourse/commit/a53df26dcf7e50ce2b20bfd5454a0c9d44b8fc7d
Resource:
x_refsource_MISC
Hyperlink: https://github.com/discourse/discourse/commit/abaa664c5df84026efb2ca264ba0f5586c3f2b01
Resource:
x_refsource_MISC
Hyperlink: https://github.com/discourse/discourse/releases/tag/v2026.1.5
Resource:
x_refsource_MISC
Hyperlink: https://github.com/discourse/discourse/releases/tag/v2026.4.2
Resource:
x_refsource_MISC
Hyperlink: https://github.com/discourse/discourse/releases/tag/v2026.5.1
Resource:
x_refsource_MISC
Hyperlink: https://github.com/discourse/discourse/releases/tag/v2026.6.0
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:09 Jul, 2026 | 22:17
Updated At:14 Jul, 2026 | 20:41

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, regular users could route direct S3 multipart uploads through ExternalUploadManager into the admin backup store. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
N/A
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Civilized Discourse Construction Kit, Inc.
discourse
>>discourse>>Versions from 2026.1.0(inclusive) to 2026.1.5(exclusive)
cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*
Civilized Discourse Construction Kit, Inc.
discourse
>>discourse>>Versions from 2026.4.0(inclusive) to 2026.4.2(exclusive)
cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*
Civilized Discourse Construction Kit, Inc.
discourse
>>discourse>>Versions from 2026.5.0(inclusive) to 2026.5.1(exclusive)
cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*
Civilized Discourse Construction Kit, Inc.
discourse
>>discourse>>2026.6.0
cpe:2.3:a:discourse:discourse:2026.6.0:*:*:*:latest:*:*:*
Weaknesses
CWE IDTypeSource
CWE-862Secondarysecurity-advisories@github.com
CWE ID: CWE-862
Type: Secondary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/discourse/discourse/commit/1f1ded8dd361d81786bff17b35e1138d6ee299c0security-advisories@github.com
Patch
https://github.com/discourse/discourse/commit/7ddde266617b452152c1bf5f903f6c07be38fc40security-advisories@github.com
Patch
https://github.com/discourse/discourse/commit/a53df26dcf7e50ce2b20bfd5454a0c9d44b8fc7dsecurity-advisories@github.com
Patch
https://github.com/discourse/discourse/commit/abaa664c5df84026efb2ca264ba0f5586c3f2b01security-advisories@github.com
Patch
https://github.com/discourse/discourse/releases/tag/v2026.1.5security-advisories@github.com
Release Notes
https://github.com/discourse/discourse/releases/tag/v2026.4.2security-advisories@github.com
Release Notes
https://github.com/discourse/discourse/releases/tag/v2026.5.1security-advisories@github.com
Release Notes
https://github.com/discourse/discourse/releases/tag/v2026.6.0security-advisories@github.com
Release Notes
https://github.com/discourse/discourse/security/advisories/GHSA-3mvf-q9rg-w6m7security-advisories@github.com
Vendor Advisory
Mitigation
Hyperlink: https://github.com/discourse/discourse/commit/1f1ded8dd361d81786bff17b35e1138d6ee299c0
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/discourse/discourse/commit/7ddde266617b452152c1bf5f903f6c07be38fc40
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/discourse/discourse/commit/a53df26dcf7e50ce2b20bfd5454a0c9d44b8fc7d
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/discourse/discourse/commit/abaa664c5df84026efb2ca264ba0f5586c3f2b01
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/discourse/discourse/releases/tag/v2026.1.5
Source: security-advisories@github.com
Resource:
Release Notes
Hyperlink: https://github.com/discourse/discourse/releases/tag/v2026.4.2
Source: security-advisories@github.com
Resource:
Release Notes
Hyperlink: https://github.com/discourse/discourse/releases/tag/v2026.5.1
Source: security-advisories@github.com
Resource:
Release Notes
Hyperlink: https://github.com/discourse/discourse/releases/tag/v2026.6.0
Source: security-advisories@github.com
Resource:
Release Notes
Hyperlink: https://github.com/discourse/discourse/security/advisories/GHSA-3mvf-q9rg-w6m7
Source: security-advisories@github.com
Resource:
Vendor Advisory
Mitigation

Change History

0
Information is not available yet

Similar CVEs

287Records found

CVE-2026-45085
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 11.56%
||
7 Day CHG+0.01%
Published-12 Jun, 2026 | 20:25
Updated-17 Jun, 2026 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse: Chat misauthorization and information disclosure

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, four authorization/disclosure issues in the chat plugin (one also involving discourse-calendar): read-only category users could create chat threads, self-deleted chat messages could be restored by their author after channel access was revoked, moderators reviewing a flagged chat message were shown the channel's current last_message (often unrelated DM content), and calendar event payloads exposed the attached chat channel and its last message to viewers without chat access (including anonymous users). This affects sites with the chat plugin enabled; the calendar issue additionally requires discourse-calendar. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-862
Missing Authorization
CVE-2026-33423
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-1.3||LOW
EPSS-0.20% / 9.76%
||
7 Day CHG~0.00%
Published-20 Mar, 2026 | 23:06
Updated-25 Mar, 2026 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse staff can modify any user's group notification level

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, staff can modify any user's group notification level. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-862
Missing Authorization
CVE-2026-33514
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-6||MEDIUM
EPSS-0.25% / 16.32%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 00:59
Updated-01 Jun, 2026 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse: Information Disclosure in Form Template API Due to Missing Authorization

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature enabled can read the name and structured content of form templates that are intended exclusively for categories they are not authorized to access. Impact is limited to disclosure of site configuration metadata. This issue has been fixed in versions 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-862
Missing Authorization
CVE-2026-30889
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 19.81%
||
7 Day CHG~0.00%
Published-20 Mar, 2026 | 02:59
Updated-24 Mar, 2026 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse has Unauthorized Post Data Exposure in discourse-user-notes

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a moderator could exploit insufficient authorization checks to access metadata of posts they should not have permission to view. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-862
Missing Authorization
CVE-2026-29072
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.23% / 13.93%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 21:49
Updated-23 Mar, 2026 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse missing permission check for policy creation in discourse-policy

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users who do not belong to the allowed policy creation groups can create functional policy acceptance widgets in posts under the right conditions. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, disable the discourse-policy plugin by disabling the `policy_enabled` site setting.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-862
Missing Authorization
CVE-2026-34154
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-2.1||LOW
EPSS-0.21% / 11.82%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 18:41
Updated-02 Jun, 2026 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse has a subscription access bypass in its discourse-subscriptions plugin

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, a vulnerability in the discourse-subscriptions plugin allows users to gain access to subscription-gated groups without completing payment. This issue has been fixed in versions 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-862
Missing Authorization
CVE-2022-36068
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.2||HIGH
EPSS-0.72% / 49.74%
||
7 Day CHG+0.01%
Published-29 Sep, 2022 | 19:45
Updated-23 Apr, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse moderators can edit themes via the API

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-862
Missing Authorization
CVE-2026-33426
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-3.5||LOW
EPSS-0.16% / 5.56%
||
7 Day CHG~0.00%
Published-20 Mar, 2026 | 23:14
Updated-24 Mar, 2026 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse users can edit or synonymize hidden tags they can't see

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they lacked visibility into those tags. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-862
Missing Authorization
CVE-2026-27151
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-1.3||LOW
EPSS-0.15% / 5.01%
||
7 Day CHG~0.00%
Published-26 Feb, 2026 | 19:57
Updated-03 Mar, 2026 | 01:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse doesn't validate destination topic when moving posts

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the `move_posts` action only checked `can_move_posts?` on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move posts into topics in categories where they lack posting privileges (e.g., read-only categories or categories with group-restricted write access). Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-862
Missing Authorization
CVE-2026-27491
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.33% / 24.74%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 20:47
Updated-25 Mar, 2026 | 01:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse has a bypass of official warnings messages by non-staff users

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a type coercion issue in a post actions API endpoint allowed non-staff users to issue warnings to other users. Warnings are a staff-only moderation feature. The vulnerability required the attacker to be a logged-in user and to send a specifically crafted request. No data exposure or privilege escalation beyond the ability to create unauthorized user warnings was possible. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-862
Missing Authorization
CVE-2022-31095
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.54% / 41.88%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 19:00
Updated-23 Apr, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exposure of Sensitive Information in discourse-chat

discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive information, where an attacker who knows the message ID for a channel they do not have access to can view that message using the chat message lookup endpoint, primarily affecting direct message channels. There are no known workarounds for this issue, and users are advised to update the plugin.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discourse-chatdiscourse-chat
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-862
Missing Authorization
CVE-2026-33425
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.21% / 10.79%
||
7 Day CHG~0.00%
Published-20 Mar, 2026 | 23:12
Updated-24 Mar, 2026 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse has inferable private group membership or existence via exclude_groups parameter

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, unauthenticated users can determine whether a specific user is a member of a private group by observing changes in directory results when using the `exclude_groups` parameter. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, disable public access to the user directory via Admin → Settings → hide user profiles from public.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-203
Observable Discrepancy
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-862
Missing Authorization
CVE-2026-27150
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-1.3||LOW
EPSS-0.15% / 4.88%
||
7 Day CHG~0.00%
Published-26 Feb, 2026 | 19:55
Updated-03 Mar, 2026 | 01:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse doesn't ensure guardian check when creating QueryGroupBookmark

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, missing `validate_before_create` authorization in Data Explorer's `QueryGroupBookmarkable` allows any logged-in user to create bookmarks for query groups they don't have access to, enabling metadata disclosure via bookmark reminder notifications. Versions 2025.12.2, 2026.1.1, and 2026.2.0 fix this issue and also make sure `validate_before_create` throws NotImplementedError in BaseBookmarkable if not implemented, to prevent similar issues in the future. No known workarounds are available.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-862
Missing Authorization
CVE-2026-27454
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.39% / 31.06%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 20:39
Updated-25 Mar, 2026 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse has check revision visibility on posts endpoint

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, requesting /posts/:id.json?version=X bypassed authorization checks on post revisions. The display_post method called post.revert_to directly without verifying whether the revision was hidden or if the user had permission to view edit history. This meant hidden revisions (intentionally concealed by staff) could be read by any user by simply enumerating version numbers. Starting in versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, Discourse looks up the PostRevision and call guardian.ensure_can_see! before reverting, consistent with how the /posts/:id/revisions/:revision endpoint already authorizes access. No known workarounds are available.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-862
Missing Authorization
CVE-2024-36113
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.42% / 33.87%
||
7 Day CHG~0.00%
Published-03 Jul, 2024 | 19:07
Updated-18 Sep, 2024 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse missing authorization checks for suspending admins/moderators

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue is patched in version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch. No known workarounds are available.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-862
Missing Authorization
CVE-2026-27021
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.28% / 19.94%
||
7 Day CHG~0.00%
Published-26 Feb, 2026 | 19:50
Updated-02 Mar, 2026 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse: Poll voters endpoint lacked post visibility checks

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the voters endpoint in the poll plugin lacked post visibility checks which allowed unauthorized access to voters details of polls in any post. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-862
Missing Authorization
CVE-2026-26979
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-Not Assigned
EPSS-0.17% / 6.45%
||
7 Day CHG~0.00%
Published-26 Feb, 2026 | 19:25
Updated-02 Mar, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse: TL4 users are able to change status of restricted topics

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users are able to close, archive and pin topics in private categories they don't have access to. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-862
Missing Authorization
CVE-2026-26207
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 4.69%
||
7 Day CHG~0.00%
Published-26 Feb, 2026 | 15:04
Updated-02 Mar, 2026 | 21:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DIscourse's discourse-policy plugin lacks post access check

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, `discourse-policy` plugin allows any authenticated user to interact with policies on posts they do not have permission to view. The `PolicyController` loads posts by ID without verifying the current user's access, enabling policy group members to accept/unaccept policies on posts in private categories or PMs they cannot see and any authenticated user to enumerate which post IDs have policies attached via differentiated error responses (information disclosure). The issue is patched in versions 2025.12.2, 2026.1.1, and 2026.2.0 by adding a `guardian.can_see?(@post)` check in the `set_post` before_action, ensuring post visibility is verified before any policy action is processed. As a workaround, disabling the discourse-policy plugin (`policy_enabled = false`) eliminates the vulnerability. There is no other workaround without upgrading.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-862
Missing Authorization
CVE-2026-21865
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 12.75%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 19:51
Updated-30 Jan, 2026 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse topic conversion permission vulnerability for moderators

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can convert some personal messages to public topics when they shouldn't have access. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. As a workaround, site admin can temporarily revoke the moderation role from untrusted moderators or remove the moderator group from the "personal message enabled groups" site setting until the Discourse instance has been upgraded to a version that has been patched.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-862
Missing Authorization
CVE-2025-68479
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.17% / 6.58%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 18:34
Updated-30 Jan, 2026 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse subscriptions are susceptible to takeover

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, some subscription endpoints lack proper checking for ownership before making changes. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. No known workarounds are available.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-862
Missing Authorization
CVE-2025-24972
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.35% / 27.29%
||
7 Day CHG~0.00%
Published-26 Mar, 2025 | 14:15
Updated-27 Mar, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse may bypass user preference when adding users to chat groups

Discourse is an open-source discussion platform. Prior to versions `3.3.4` on the `stable` branch and `3.4.0.beta5` on the `beta` branch, in specific circumstances, users could be added to group direct messages despite disabling direct messaging in their preferences. Versions `3.3.4` and `3.4.0.beta5` contain a patch for the issue. A workaround is available. If a user disables chat in their preferences then they cannot be added to new group chats.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discourse
CWE ID-CWE-862
Missing Authorization
CVE-2026-33427
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-2.7||LOW
EPSS-0.21% / 10.99%
||
7 Day CHG~0.00%
Published-20 Mar, 2026 | 23:20
Updated-24 Mar, 2026 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse Authorization Page Displays Unvalidated Redirect Domain

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an unauthenticated attacker can cause a legitimate Discourse authorization page to display an attacker-controlled domain, facilitating social engineering attacks against users. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-862
Missing Authorization
CVE-2026-33408
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-2.2||LOW
EPSS-0.28% / 19.65%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 22:35
Updated-24 Mar, 2026 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse has Improper Authorization in "Post Edits" Report For Moderators

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators were able to see the first 40 characters of post edits in PMs and private categories. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-862
Missing Authorization
CVE-2026-57355
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 21.85%
||
7 Day CHG~0.00%
Published-02 Jul, 2026 | 11:15
Updated-02 Jul, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Classified Listing plugin <= 5.4.2 - Broken Access Control vulnerability

Subscriber Broken Access Control in Classified Listing <= 5.4.2 versions.

Action-Not Available
Vendor-RadiusTheme
Product-Classified Listing
CWE ID-CWE-862
Missing Authorization
CVE-2019-14786
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.38% / 69.04%
||
7 Day CHG~0.00%
Published-15 Aug, 2019 | 15:47
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter.

Action-Not Available
Vendor-rankmathn/a
Product-seon/a
CWE ID-CWE-862
Missing Authorization
CVE-2026-56402
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-0.21% / 11.62%
||
7 Day CHG~0.00%
Published-23 Jun, 2026 | 15:34
Updated-14 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NanoClaw < 2.1.17 - Privilege Escalation via Unverified Approval Response Handler

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting approval response payloads without proper role validation.

Action-Not Available
Vendor-nanocoai
Product-nanoclaw
CWE ID-CWE-862
Missing Authorization
CVE-2023-2784
Matching Score-4
Assigner-Mattermost, Inc.
ShareView Details
Matching Score-4
Assigner-Mattermost, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.32% / 24.25%
||
7 Day CHG~0.00%
Published-16 Jun, 2023 | 08:41
Updated-06 Dec, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apps Framework allows install requests from regular members via an internal path

Mattermost fails to verify if the requestor is a sysadmin or not, before allowing `install` requests to the Apps allowing a regular user send install requests to the Apps.

Action-Not Available
Vendor-Mattermost, Inc.
Product-mattermostMattermost App Framework
CWE ID-CWE-862
Missing Authorization
CVE-2024-5710
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.3||MEDIUM
EPSS-0.41% / 32.82%
||
7 Day CHG~0.00%
Published-27 Jun, 2024 | 18:41
Updated-15 Oct, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Team Management in berriai/litellm

berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any member to or from any teams. The vulnerability stems from insufficient access control checks in various team management endpoints, enabling attackers to exploit these functionalities without proper authorization.

Action-Not Available
Vendor-litellmberriaiberriai
Product-litellmberriai/litellmlitellm
CWE ID-CWE-862
Missing Authorization
CVE-2026-57335
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 13.71%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 13:36
Updated-01 Jul, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ads by WPQuads plugin <= 3.0.3 - Broken Access Control vulnerability

Subscriber Broken Access Control in Ads by WPQuads <= 3.0.3 versions.

Action-Not Available
Vendor-Ads WPQuads
Product-Ads by WPQuads
CWE ID-CWE-862
Missing Authorization
CVE-2026-57353
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 21.85%
||
7 Day CHG~0.00%
Published-02 Jul, 2026 | 11:15
Updated-02 Jul, 2026 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Link Whisper Premium plugin <= 2.9.0 - Broken Access Control vulnerability

Subscriber Broken Access Control in Link Whisper Premium <= 2.9.0 versions.

Action-Not Available
Vendor-LinkWhisper
Product-Link Whisper Premium
CWE ID-CWE-862
Missing Authorization
CVE-2024-5570
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.55% / 42.13%
||
7 Day CHG~0.00%
Published-28 Jun, 2024 | 06:00
Updated-27 Aug, 2025 | 12:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Simple Photoswipe <= 0.1 - Subscriber+ Arbitrary Settings Update

The Simple Photoswipe WordPress plugin through 0.1 does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them

Action-Not Available
Vendor-zitscherUnknowntobias_cichon
Product-simple_photoswipeSimple Photoswipesimple_photoswipe
CWE ID-CWE-862
Missing Authorization
CVE-2026-57419
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 11.52%
||
7 Day CHG~0.00%
Published-13 Jul, 2026 | 08:41
Updated-13 Jul, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stock Locations for WooCommerce plugin <= 3.1.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce stock-locations-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Locations for WooCommerce: from n/a through <= 3.1.8.

Action-Not Available
Vendor-Fahad Mahmood
Product-Stock Locations for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2026-57654
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 7.11%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:53
Updated-29 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Affiliates Manager plugin <= 2.9.49 - Broken Access Control vulnerability

Affiliate Broken Access Control in Affiliates Manager <= 2.9.49 versions.

Action-Not Available
Vendor-wp.insider
Product-Affiliates Manager
CWE ID-CWE-862
Missing Authorization
CVE-2023-28689
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.49% / 38.91%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:31
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JS Job Manager plugin <= 2.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through 2.0.0.

Action-Not Available
Vendor-joomskyJoomSky
Product-js_job_managerJS Job Manager
CWE ID-CWE-862
Missing Authorization
CVE-2025-2779
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 18.69%
||
7 Day CHG~0.00%
Published-02 Apr, 2025 | 01:44
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insert Headers and Footers Code – HT Script <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update

The Insert Headers and Footers Code – HT Script plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 1/true on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny access to legitimate users or be used to set some values to true, such as registration.

Action-Not Available
Vendor-HasTech IT Limited (HasThemes)
Product-Insert Headers and Footers Code – HT Script
CWE ID-CWE-862
Missing Authorization
CVE-2024-54251
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 37.88%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:32
Updated-11 May, 2026 | 22:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Prodigy Commerce plugin <= 3.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in prodigycommerce Prodigy Commerce prodigy-commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Prodigy Commerce: from n/a through <= 3.1.2.

Action-Not Available
Vendor-prodigycommerce
Product-Prodigy Commerce
CWE ID-CWE-862
Missing Authorization
CVE-2026-48014
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 17:56
Updated-17 Jul, 2026 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Shopware: Admin API ACL Bypass in Order State Transition Endpoints

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, the order state transition features /api/_action/order/{orderId}/state/{transition} and similar transaction and delivery transition routes in src/Core/Checkout/Order/Api/OrderActionController.php do not declare PlatformRequest::ATTRIBUTE_ACL or perform an explicit privilege check, so AclAnnotationValidator exits when route ACL metadata is absent and low-privileged users without order:update, order_transaction:update, or order_delivery:update can trigger StateMachineRegistry::transition() writes in SYSTEM_SCOPE. This issue is fixed in versions 6.6.10.18 and 6.7.10.1.

Action-Not Available
Vendor-shopware
Product-shopwareplatform
CWE ID-CWE-862
Missing Authorization
CVE-2026-54027
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 8.66%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 15:52
Updated-26 Jun, 2026 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LibreChat: Image Upload Route Bypasses Agent Permission Check — Incomplete Fix for File Upload Authorization

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/files/images endpoint allows any authenticated user to upload files into any agent's tool_resources (e.g., context, execute_code) without verifying ownership or EDIT permission on the target agent. A permission check was added to the POST /api/files route in a previous patch, but the image upload route was never updated with the same check. An attacker can simply use the image endpoint instead of the file endpoint to bypass the authorization entirely. This vulnerability is fixed in 0.8.4-rc1.

Action-Not Available
Vendor-librechatdanny-avila
Product-librechatLibreChat
CWE ID-CWE-862
Missing Authorization
CVE-2026-54029
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 5.43%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 15:51
Updated-29 Jun, 2026 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LibreChat: IDOR in Message Deletion — Incomplete Fix for CVE-2024-41703 Leaves deleteMessages() Without User Filter

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:conversationId/:messageId endpoint allows any authenticated user to delete any other user's messages. The validateMessageReq middleware only validates that the conversationId belongs to the requesting user, but the handler calls deleteMessages({ messageId }) using only the messageId as the MongoDB filter — without adding a user constraint. An attacker provides their own valid conversationId (to pass validation) and the victim's messageId (to target deletion), resulting in permanent, irrecoverable message deletion. This vulnerability is fixed in 0.8.4-rc1.

Action-Not Available
Vendor-librechatdanny-avila
Product-librechatLibreChat
CWE ID-CWE-862
Missing Authorization
CVE-2025-31789
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 24.56%
||
7 Day CHG~0.00%
Published-03 Apr, 2025 | 13:27
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TextMe SMS plugin <= 1.9.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Matat Technologies TextMe SMS textme-sms-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TextMe SMS: from n/a through <= 1.9.1.

Action-Not Available
Vendor-Matat Technologies
Product-TextMe SMS
CWE ID-CWE-862
Missing Authorization
CVE-2026-52892
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 17.37%
||
7 Day CHG~0.00%
Published-15 Jul, 2026 | 21:08
Updated-16 Jul, 2026 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wekan: Read-only board members can create/modify/delete Custom Fields (privilege escalation via read-level authz on write ops)

Wekan is open source kanban built with Meteor. Prior to 9.32, Wekan REST handlers in server/models/customFields.js use read-level Authentication.checkBoardAccess instead of write-level Authentication.checkBoardWriteAccess for mutating custom-field routes. A read-only board member can call POST, PUT, and DELETE handlers for /api/boards/:boardId/custom-fields and custom-field dropdown items to create, update, or delete board custom fields. This issue is fixed in version 9.32.

Action-Not Available
Vendor-wekan
Product-wekan
CWE ID-CWE-862
Missing Authorization
CVE-2026-50084
Matching Score-4
Assigner-44488dab-36db-4358-99f9-bc116477f914
ShareView Details
Matching Score-4
Assigner-44488dab-36db-4358-99f9-bc116477f914
CVSS Score-9.6||CRITICAL
EPSS-0.24% / 15.56%
||
7 Day CHG+0.03%
Published-12 Jun, 2026 | 15:01
Updated-09 Jul, 2026 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Aqara API cross-account access

The Aqara Cloud Production API (open-cn.aqara.com/v3.0/open/api) would authorize any valid developer token for access to any account. This is an instance of "CWE-862: Missing Authorization" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N (9.6 Critical). When combined with CVE-2026-50082, CVE-50083, and CVE-50085, this can lead to a fully unauthenticated, remote takeover of affected devices.

Action-Not Available
Vendor-aqaraAqara
Product-cloud_production_apiCloud Production API
CWE ID-CWE-862
Missing Authorization
CVE-2023-25715
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.51% / 39.85%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 15:40
Updated-28 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GamiPress Plugin <= 2.5.6 is vulnerable to Broken Access Control

Missing Authorization vulnerability in GamiPress GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress.This issue affects GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a through 2.5.6.

Action-Not Available
Vendor-gamipressGamiPress
Product-gamipressGamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
CWE ID-CWE-862
Missing Authorization
CVE-2023-25768
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.64% / 46.53%
||
7 Day CHG~0.00%
Published-15 Feb, 2023 | 00:00
Updated-19 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server.

Action-Not Available
Vendor-Jenkins
Product-azure_credentialsJenkins Azure Credentials Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2023-25997
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 19.88%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-28 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sola Support Ticket <= 3.17 - Arbitrary Content Deletion Vulnerability

Missing Authorization vulnerability in SolaPlugins Sola Support Ticket allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sola Support Ticket: from n/a through 3.17.

Action-Not Available
Vendor-SolaPlugins
Product-Sola Support Ticket
CWE ID-CWE-862
Missing Authorization
CVE-2026-49385
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 11.54%
||
7 Day CHG~0.00%
Published-29 May, 2026 | 18:15
Updated-01 Jun, 2026 | 12:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-862
Missing Authorization
CVE-2023-24448
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.72% / 49.85%
||
7 Day CHG~0.00%
Published-24 Jan, 2023 | 00:00
Updated-02 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password.

Action-Not Available
Vendor-Jenkins
Product-rabbitmq_consumerJenkins RabbitMQ Consumer Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2023-24453
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.72% / 49.85%
||
7 Day CHG~0.00%
Published-24 Jan, 2023 | 00:00
Updated-02 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.

Action-Not Available
Vendor-Jenkins
Product-testquality_updaterJenkins TestQuality Updater Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2023-24459
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.72% / 49.65%
||
7 Day CHG~0.00%
Published-24 Jan, 2023 | 00:00
Updated-01 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.

Action-Not Available
Vendor-Jenkins
Product-bearychatJenkins BearyChat Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2020-9514
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.96% / 57.55%
||
7 Day CHG~0.00%
Published-07 Apr, 2020 | 16:42
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. wrappers.php allows a logged-in user (with the Subscriber role) to permanently delete arbitrary posts and pages, create new posts with arbitrary subjects, and modify the subjects of existing posts and pages (via create_dynamic_page and delete_dynamic_page).

Action-Not Available
Vendor-idxbrokern/a
Product-impress_for_idx_brokern/a
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found