CVE Vulnerability Details: CVE-2026-46645
PUBLISHED
Assigner: GitHub_M
Assigner Org ID: a0819718-46f1-4df5-94e2-005712e83aaa
Published At: 10 Jun, 2026 | 22:23
Updated At: 10 Jun, 2026 | 22:23
Rejected At:
CVE Numbering Authority (CNA)
SQLAdmin: Authorization Bypass on `ajax_lookup`

SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajax_lookup endpoint in application.py bypasses the is_accessible() access control check that all other endpoints enforce. If a developer restricts model access by overriding is_accessible(), an authenticated user can still query that model's data through the ajax_lookup endpoint — silently bypassing the restriction. This issue has been patched in version 0.25.1.

Affected Products
Vendor: smithyhq
Product: sqladmin
Versions affected: < 0.25.1
Problem Types
Type: CWE
CWE ID: CWE-862
Description: CWE-862: Missing Authorization
Metrics
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
Replaced By

Rejected Reason

References
Hyperlink: https://github.com/smithyhq/sqladmin/security/advisories/GHSA-54mc-gghv-4cfj
Resource: x_refsource_CONFIRM
Hyperlink: https://github.com/smithyhq/sqladmin/pull/1035
Resource: x_refsource_MISC
Hyperlink: https://github.com/smithyhq/sqladmin/commit/b0d3a19fb9b074a9ed243de46930108375dfbb98
Resource: x_refsource_MISC
Hyperlink: https://github.com/smithyhq/sqladmin/releases/tag/0.25.1
Resource: x_refsource_MISC