ByteOS Network

CVE Vulnerability Details :

CVE-2026-47716

PUBLISHED

More Info Official Page

Assigner-GitHub_M

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-26 May, 2026 | 16:23

Updated At-26 May, 2026 | 16:23

▼CVE Numbering Authority (CNA)

Bugsink: Issue bulk actions can affect another project’s issue if its UUID is known

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, In affected versions, the issue list view authorizes access through the project in the URL, but applies the requested bulk action to the submitted issue IDs without also requiring those issues to belong to that project. This vulnerability is fixed in 2.2.0.

Affected Products

Vendor

bugsink

Product

bugsink

Versions

Affected

< 2.2.0

Problem Types

Type	CWE ID	Description
CWE	CWE-639	CWE-639: Authorization Bypass Through User-Controlled Key

Type: CWE

CWE ID: CWE-639

Description: CWE-639: Authorization Bypass Through User-Controlled Key

Metrics

Version	Base score	Base severity	Vector
3.1	3.1	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Version: 3.1

Base score: 3.1

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

References

Hyperlink	Resource
https://github.com/bugsink/bugsink/security/advisories/GHSA-g5vc-q7qc-v939	x_refsource_CONFIRM
https://github.com/bugsink/bugsink/releases/tag/2.2.0	x_refsource_MISC

Hyperlink: https://github.com/bugsink/bugsink/security/advisories/GHSA-g5vc-q7qc-v939

Resource:

x_refsource_CONFIRM

Hyperlink: https://github.com/bugsink/bugsink/releases/tag/2.2.0

Resource:

x_refsource_MISC

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References