CWE-863
Allowed-with-ReviewIncorrect Authorization
Abstraction: Class · Status: Incomplete
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
5491 vulnerabilities reference this CWE, most recent first.
CVE-2026-58494 (GCVE-0-2026-58494)
Vulnerability from cvelistv5 – Published: 2026-07-08 20:22 – Updated: 2026-07-09 13:28| URL | Tags |
|---|---|
| https://github.com/bytecodealliance/wasmtime/secu… | x_refsource_CONFIRM |
| https://github.com/bytecodealliance/wasmtime/comm… | x_refsource_MISC |
| https://github.com/bytecodealliance/wasmtime/comm… | x_refsource_MISC |
| https://github.com/bytecodealliance/wasmtime/comm… | x_refsource_MISC |
| https://github.com/bytecodealliance/wasmtime/comm… | x_refsource_MISC |
| https://github.com/bytecodealliance/wasmtime/rele… | x_refsource_MISC |
| https://github.com/bytecodealliance/wasmtime/rele… | x_refsource_MISC |
| https://github.com/bytecodealliance/wasmtime/rele… | x_refsource_MISC |
| https://github.com/bytecodealliance/wasmtime/rele… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| bytecodealliance | wasmtime |
Affected:
< 24.0.11
Affected: >= 25.0.0, < 36.0.12 Affected: >= 37.0.0, < 45.0.3 Affected: >= 46.0.0, < 46.0.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-58494",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T13:28:46.718754Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T13:28:57.055Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "wasmtime",
"vendor": "bytecodealliance",
"versions": [
{
"status": "affected",
"version": "\u003c 24.0.11"
},
{
"status": "affected",
"version": "\u003e= 25.0.0, \u003c 36.0.12"
},
{
"status": "affected",
"version": "\u003e= 37.0.0, \u003c 45.0.3"
},
{
"status": "affected",
"version": "\u003e= 46.0.0, \u003c 46.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with a read-only source file capability to overwrite host files exposed as FilePerms::READ through wasip1, wasip2, or wasip3 filesystem interfaces. This issue is fixed in versions 24.0.11, 36.0.12, 45.0.3, and 46.0.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-281",
"description": "CWE-281: Improper Preservation of Permissions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T20:22:16.039Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4ch3-9j33-3pmj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4ch3-9j33-3pmj"
},
{
"name": "https://github.com/bytecodealliance/wasmtime/commit/5ddfd5f1ef28f2041fa07d237ad0336e167b0e0c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bytecodealliance/wasmtime/commit/5ddfd5f1ef28f2041fa07d237ad0336e167b0e0c"
},
{
"name": "https://github.com/bytecodealliance/wasmtime/commit/7db94cdcf0c79cb3dfde884b534b653f2dd83367",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bytecodealliance/wasmtime/commit/7db94cdcf0c79cb3dfde884b534b653f2dd83367"
},
{
"name": "https://github.com/bytecodealliance/wasmtime/commit/8a250aac0962ca1364b5f16525720e9d0b39edcd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bytecodealliance/wasmtime/commit/8a250aac0962ca1364b5f16525720e9d0b39edcd"
},
{
"name": "https://github.com/bytecodealliance/wasmtime/commit/d3ceb56ec35f39e02496eeb4e2d9c7f4fb964d9e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bytecodealliance/wasmtime/commit/d3ceb56ec35f39e02496eeb4e2d9c7f4fb964d9e"
},
{
"name": "https://github.com/bytecodealliance/wasmtime/releases/tag/v24.0.11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bytecodealliance/wasmtime/releases/tag/v24.0.11"
},
{
"name": "https://github.com/bytecodealliance/wasmtime/releases/tag/v36.0.12",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bytecodealliance/wasmtime/releases/tag/v36.0.12"
},
{
"name": "https://github.com/bytecodealliance/wasmtime/releases/tag/v45.0.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bytecodealliance/wasmtime/releases/tag/v45.0.3"
},
{
"name": "https://github.com/bytecodealliance/wasmtime/releases/tag/v46.0.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bytecodealliance/wasmtime/releases/tag/v46.0.1"
}
],
"source": {
"advisory": "GHSA-4ch3-9j33-3pmj",
"discovery": "UNKNOWN"
},
"title": "Wasmtime: WASI hard links bypass wasmtime-wasi\u0027s FilePerms for destination"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-58494",
"datePublished": "2026-07-08T20:22:16.039Z",
"dateReserved": "2026-06-30T20:21:25.812Z",
"dateUpdated": "2026-07-09T13:28:57.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-58424 (GCVE-0-2026-58424)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:54 – Updated: 2026-07-06 15:09| URL | Tags |
|---|---|
| https://github.com/go-gitea/gitea/security/adviso… | vendor-advisory |
| https://github.com/go-gitea/gitea/pull/38010 | patch |
| https://github.com/go-gitea/gitea/releases/tag/v1.26.4 | release-notes |
| https://blog.gitea.com/release-of-1.26.3-and-1.26.4/ | release-notes |
| Vendor | Product | Version | |
|---|---|---|---|
| Gitea | Gitea Open Source Git Server |
Affected:
0 , ≤ 1.26.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-58424",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T15:08:57.826125Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T15:09:01.188Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-777r-4v59-6486"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThanOrEqual": "1.26.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "prakhar0x01"
}
],
"descriptions": [
{
"lang": "en",
"value": "Permanent Fork PR Workflow Approval Gate Bypass"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:54:52.923Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-777r-4v59-6486"
},
{
"name": "GitHub Pull Request #38010",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/38010"
},
{
"name": "Gitea v1.26.4 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.26.4"
},
{
"name": "Gitea v1.26.4 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.26.3-and-1.26.4/"
}
],
"title": "Permanent Fork PR Workflow Approval Gate Bypass",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-58424",
"datePublished": "2026-07-03T20:54:52.923Z",
"dateReserved": "2026-06-30T18:57:20.614Z",
"dateUpdated": "2026-07-06T15:09:01.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-58408 (GCVE-0-2026-58408)
Vulnerability from cvelistv5 – Published: 2026-07-13 19:43 – Updated: 2026-07-14 12:57| URL | Tags |
|---|---|
| https://github.com/ChurchCRM/CRM/security/advisor… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-58408",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T12:57:23.509918Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T12:57:34.313Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CRM",
"vendor": "ChurchCRM",
"versions": [
{
"status": "affected",
"version": "\u003c 7.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ChurchCRM is an open-source church management system. Prior to version 7.4.0, a low-privileged user can bypass the /admin/export UI and exfiltrate the entire member directory. The POST /CSVCreateFile.php endpoint generates and streams a CSV containing the full Personally Identifiable Information (PII) of every Person/Family record in the database, without performing any feature-level or object-level authorization check beyond the coarse \"has any admin permission\" gate inherited from the legacy page bootstrap. In other words, any single non-admin permission flag is enough to reach the CSV bulk-export endpoint, even though such users should not have data export rights. The export script is missing a dedicated isAdmin() (or a new bExportData) authorization check of its own. This issue has been fixed in version 7.4.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T19:43:48.352Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ChurchCRM/CRM/security/advisories/GHSA-4vj2-gm78-3q63",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ChurchCRM/CRM/security/advisories/GHSA-4vj2-gm78-3q63"
}
],
"source": {
"advisory": "GHSA-4vj2-gm78-3q63",
"discovery": "UNKNOWN"
},
"title": "ChurchCRM : Broken Access Control in `CSVCreateFile.php` Allows Low-Privileged Users to Export All Members\u0027 PII"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-58408",
"datePublished": "2026-07-13T19:43:48.352Z",
"dateReserved": "2026-06-30T18:19:58.379Z",
"dateUpdated": "2026-07-14T12:57:34.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-58254 (GCVE-0-2026-58254)
Vulnerability from cvelistv5 – Published: 2026-07-08 19:56 – Updated: 2026-07-09 13:38- CWE-863 - Incorrect Authorization
| URL | Tags |
|---|---|
| https://github.com/nats-io/nats-server/security/a… | x_refsource_CONFIRM |
| https://github.com/nats-io/nats-server/commit/cbe… | x_refsource_MISC |
| https://github.com/nats-io/nats-server/releases/t… | x_refsource_MISC |
| https://github.com/nats-io/nats-server/releases/t… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| nats-io | nats-server |
Affected:
< 2.12.8
Affected: >= 2.14.0-RC.1, < 2.14.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-58254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T13:38:04.787145Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T13:38:17.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nats-server",
"vendor": "nats-io",
"versions": [
{
"status": "affected",
"version": "\u003c 2.12.8"
},
{
"status": "affected",
"version": "\u003e= 2.14.0-RC.1, \u003c 2.14.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were applied to ordinary client connections but not consistently to messages arriving through leafnode connections, allowing a leafnode operator to send trace events to subjects that would not otherwise be permitted and to use trace-only behavior to prevent normal delivery or storage of affected messages. This issue is fixed in versions 2.14.3 and 2.12.8."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T19:56:58.311Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-p3j5-5hrq-p75h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-p3j5-5hrq-p75h"
},
{
"name": "https://github.com/nats-io/nats-server/commit/cbe845932980b71563efac5cfa4cc751c88936cd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nats-io/nats-server/commit/cbe845932980b71563efac5cfa4cc751c88936cd"
},
{
"name": "https://github.com/nats-io/nats-server/releases/tag/v2.12.8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.8"
},
{
"name": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3"
}
],
"source": {
"advisory": "GHSA-p3j5-5hrq-p75h",
"discovery": "UNKNOWN"
},
"title": "NATS Server: Incomplete fix for CVE-2026-33249: Leaf node connections bypass Nats-Trace-Dest permission check"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-58254",
"datePublished": "2026-07-08T19:56:58.311Z",
"dateReserved": "2026-06-29T21:54:30.330Z",
"dateUpdated": "2026-07-09T13:38:17.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-58214 (GCVE-0-2026-58214)
Vulnerability from cvelistv5 – Published: 2026-07-08 20:06 – Updated: 2026-07-09 13:32- CWE-863 - Incorrect Authorization
| URL | Tags |
|---|---|
| https://github.com/nats-io/nats-server/security/a… | x_refsource_CONFIRM |
| https://github.com/nats-io/nats-server/commit/297… | x_refsource_MISC |
| https://github.com/nats-io/nats-server/commit/34b… | x_refsource_MISC |
| https://github.com/nats-io/nats-server/releases/t… | x_refsource_MISC |
| https://github.com/nats-io/nats-server/releases/t… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| nats-io | nats-server |
Affected:
< 2.12.12
Affected: >= 2.14.0-RC.1, < 2.14.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-58214",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T13:32:18.907165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T13:32:36.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nats-server",
"vendor": "nats-io",
"versions": [
{
"status": "affected",
"version": "\u003c 2.12.12"
},
{
"status": "affected",
"version": "\u003e= 2.14.0-RC.1, \u003c 2.14.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protocol metadata for sessions in the account. This issue is fixed in versions 2.14.3 and 2.12.12."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T20:06:34.794Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-4g68-3pwx-5vfj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-4g68-3pwx-5vfj"
},
{
"name": "https://github.com/nats-io/nats-server/commit/297b166be60fe13144084eed4b25201ead03204a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nats-io/nats-server/commit/297b166be60fe13144084eed4b25201ead03204a"
},
{
"name": "https://github.com/nats-io/nats-server/commit/34b09657bb596d5f850eaa5cfc97ea6b2f989a97",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nats-io/nats-server/commit/34b09657bb596d5f850eaa5cfc97ea6b2f989a97"
},
{
"name": "https://github.com/nats-io/nats-server/releases/tag/v2.12.12",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.12"
},
{
"name": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3"
}
],
"source": {
"advisory": "GHSA-4g68-3pwx-5vfj",
"discovery": "UNKNOWN"
},
"title": "NATS Server: MQTT subscribe ACL bypass via $MQTT.deliver.pubrel prefix (incomplete fix for CVE-2026-33217)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-58214",
"datePublished": "2026-07-08T20:06:34.794Z",
"dateReserved": "2026-06-29T17:09:25.873Z",
"dateUpdated": "2026-07-09T13:32:36.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-58211 (GCVE-0-2026-58211)
Vulnerability from cvelistv5 – Published: 2026-07-08 20:16 – Updated: 2026-07-09 14:27- CWE-863 - Incorrect Authorization
| URL | Tags |
|---|---|
| https://github.com/nats-io/nats-server/security/a… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| nats-io | nats-server |
Affected:
< 2.12.12
Affected: >= 2.14.0-RC.1, < 2.14.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-58211",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T14:27:18.977045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T14:27:25.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nats-server",
"vendor": "nats-io",
"versions": [
{
"status": "affected",
"version": "\u003c 2.12.12"
},
{
"status": "affected",
"version": "\u003e= 2.14.0-RC.1, \u003c 2.14.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client could be registered as the configured no_auth_user through a parser path used when the first client operation was not CONNECT, bypassing user-level connection restrictions such as allowed_connection_types or proxy_required that normal authentication would apply. This issue is fixed in versions 2.14.3 and 2.12.12."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T20:16:25.262Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-hmmp-q8cx-v964",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-hmmp-q8cx-v964"
}
],
"source": {
"advisory": "GHSA-hmmp-q8cx-v964",
"discovery": "UNKNOWN"
},
"title": "NATS Server: `no_auth_user` pre-CONNECT fast path bypasses user connection restrictions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-58211",
"datePublished": "2026-07-08T20:16:25.262Z",
"dateReserved": "2026-06-29T17:09:25.872Z",
"dateUpdated": "2026-07-09T14:27:25.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-58209 (GCVE-0-2026-58209)
Vulnerability from cvelistv5 – Published: 2026-07-08 20:12 – Updated: 2026-07-09 13:31- CWE-863 - Incorrect Authorization
| URL | Tags |
|---|---|
| https://github.com/nats-io/nats-server/security/a… | x_refsource_CONFIRM |
| https://github.com/nats-io/nats-server/commit/181… | x_refsource_MISC |
| https://github.com/nats-io/nats-server/commit/1c4… | x_refsource_MISC |
| https://github.com/nats-io/nats-server/releases/t… | x_refsource_MISC |
| https://github.com/nats-io/nats-server/releases/t… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| nats-io | nats-server |
Affected:
< 2.12.12
Affected: >= 2.14.0-RC.1, < 2.14.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-58209",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T13:30:43.243356Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T13:31:07.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nats-server",
"vendor": "nats-io",
"versions": [
{
"status": "affected",
"version": "\u003c 2.12.12"
},
{
"status": "affected",
"version": "\u003e= 2.14.0-RC.1, \u003c 2.14.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, MQTT retained message delivery and QoS1+ durable replay could deliver messages whose original topics matched a subscriber configured subscribe deny rule because these delivery paths did not consistently recheck the concrete original topic before sending the MQTT PUBLISH to the subscriber. This issue is fixed in versions 2.14.3 and 2.12.12."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T20:12:11.240Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-7qmq-8cc4-hxwg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-7qmq-8cc4-hxwg"
},
{
"name": "https://github.com/nats-io/nats-server/commit/181b1f51f40b9954c57e9d478e051fb257679356",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nats-io/nats-server/commit/181b1f51f40b9954c57e9d478e051fb257679356"
},
{
"name": "https://github.com/nats-io/nats-server/commit/1c429b6fdc5afd4188cc5faf1127f6334896cd87",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nats-io/nats-server/commit/1c429b6fdc5afd4188cc5faf1127f6334896cd87"
},
{
"name": "https://github.com/nats-io/nats-server/releases/tag/v2.12.12",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.12"
},
{
"name": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3"
}
],
"source": {
"advisory": "GHSA-7qmq-8cc4-hxwg",
"discovery": "UNKNOWN"
},
"title": "NATS Server: MQTT retained and QoS replay bypass subscribe deny filters"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-58209",
"datePublished": "2026-07-08T20:12:11.240Z",
"dateReserved": "2026-06-29T17:09:25.872Z",
"dateUpdated": "2026-07-09T13:31:07.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-58056 (GCVE-0-2026-58056)
Vulnerability from cvelistv5 – Published: 2026-06-28 01:32 – Updated: 2026-06-29 12:29- CWE-863 - Incorrect Authorization
| URL | Tags |
|---|---|
| https://github.com/bikini/exploitarium/tree/main/… | exploitthird-party-advisory |
| https://www.vulncheck.com/advisories/rustdesk-fil… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-58056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-29T12:29:19.790048Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T12:29:30.256Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "RustDesk",
"vendor": "RustDesk",
"versions": [
{
"lessThanOrEqual": "ff226f6d8013dee2de5a6553abaf67bf32b3e875",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rustdesk:rustdesk:*:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ashdfrkl"
}
],
"datePublic": "2026-06-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "RustDesk gates incoming control messages on per-capability flags rather than on the session\u0027s authorized connection type, and a file-transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded screenshot and display-capture handlers, acting outside its granted scope."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS"
},
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-28T01:32:57.879Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Proof of Concept",
"tags": [
"exploit",
"third-party-advisory"
],
"url": "https://github.com/bikini/exploitarium/tree/main/rustdesk-session-permission-pocs"
},
{
"name": "VulnCheck Advisory: RustDesk - FileTransfer Session Authorization Scope Bypass",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/rustdesk-filetransfer-session-authorization-scope-bypass"
}
],
"title": "RustDesk - FileTransfer Session Authorization Scope Bypass",
"x_generator": {
"engine": "vulncheck-endgame"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-58056",
"datePublished": "2026-06-28T01:32:57.879Z",
"dateReserved": "2026-06-28T00:55:25.426Z",
"dateUpdated": "2026-06-29T12:29:30.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-57953 (GCVE-0-2026-57953)
Vulnerability from cvelistv5 – Published: 2026-06-29 17:21 – Updated: 2026-07-14 21:34 X_Open Source- CWE-863 - Incorrect Authorization
| URL | Tags |
|---|---|
| https://github.com/its-a-feature/Mythic/releases/… | release-notes |
| https://github.com/its-a-feature/Mythic/issues/565 | issue-tracking |
| https://github.com/its-a-feature/Mythic/commit/82… | patch |
| https://www.vulncheck.com/advisories/mythic-unaut… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| its-a-feature | Mythic |
Affected:
0 , < 3.4.0.60
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-57953",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-29T19:40:44.410964Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T19:40:50.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:github/its-a-feature/Mythic",
"product": "Mythic",
"repo": "https://github.com/its-a-feature/Mythic",
"vendor": "its-a-feature",
"versions": [
{
"lessThan": "3.4.0.60",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:its-a-feature:mythic:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.4.0.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "George Chen"
}
],
"datePublic": "2026-06-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write operations by accessing the eventing_import_automatic_webhook endpoint registered under spectator-permitted middleware. Attackers with spectator role can exploit this misconfigured access control to create and delete automation workflows, making unauthorized modifications to operation automation configuration and EventGroups."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T21:34:42.924Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Release Notes",
"tags": [
"release-notes"
],
"url": "https://github.com/its-a-feature/Mythic/releases/tag/v3.4.0.60"
},
{
"name": "Researcher Disclosure",
"tags": [
"issue-tracking"
],
"url": "https://github.com/its-a-feature/Mythic/issues/565"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/its-a-feature/Mythic/commit/82648e8241b800a32e1882afc310e7316d98ebaa"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/mythic-unauthorized-automation-workflow-modification-via-eventing-import-automatic-webhook-endpoint"
}
],
"tags": [
"x_open-source"
],
"title": "Mythic \u003c 3.4.0.60 - Unauthorized Automation Workflow Modification via eventing_import_automatic_webhook Endpoint",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-57953",
"datePublished": "2026-06-29T17:21:31.254Z",
"dateReserved": "2026-06-26T13:59:33.047Z",
"dateUpdated": "2026-07-14T21:34:42.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-57951 (GCVE-0-2026-57951)
Vulnerability from cvelistv5 – Published: 2026-06-29 17:20 – Updated: 2026-07-14 21:34 X_Open Source- CWE-863 - Incorrect Authorization
| URL | Tags |
|---|---|
| https://github.com/its-a-feature/Mythic/releases/… | release-notes |
| https://github.com/its-a-feature/Mythic/issues/563 | issue-tracking |
| https://github.com/its-a-feature/Mythic/commit/82… | patch |
| https://www.vulncheck.com/advisories/mythic-broke… | third-party-advisory |
| ttps://github.com/its-a-feature/Mythic/issues/563 | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| its-a-feature | Mythic |
Affected:
0 , < 3.4.0.60
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-57951",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T14:12:06.329432Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T14:12:44.518Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "ttps://github.com/its-a-feature/Mythic/issues/563"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:github/its-a-feature/Mythic",
"product": "Mythic",
"repo": "https://github.com/its-a-feature/Mythic",
"vendor": "its-a-feature",
"versions": [
{
"lessThan": "3.4.0.60",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:its-a-feature:mythic:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.4.0.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "George Chen"
}
],
"datePublic": "2026-06-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mythic before 3.4.0.60 contains a broken hasura permission filter on the payload_build_step table with an always-satisfied _or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payload_build_step to read step_stdout, step_stderr, step_name, and step_description across all operations on the server."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T21:34:41.520Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Release Notes",
"tags": [
"release-notes"
],
"url": "https://github.com/its-a-feature/Mythic/releases/tag/v3.4.0.60"
},
{
"name": "Researcher Disclosure",
"tags": [
"issue-tracking"
],
"url": "https://github.com/its-a-feature/Mythic/issues/563"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/its-a-feature/Mythic/commit/82648e8241b800a32e1882afc310e7316d98ebaa"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/mythic-broken-permission-filter-in-payload-build-step-table"
}
],
"tags": [
"x_open-source"
],
"title": "Mythic \u003c 3.4.0.60 - Broken Permission Filter in payload_build_step Table",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-57951",
"datePublished": "2026-06-29T17:20:36.203Z",
"dateReserved": "2026-06-26T13:57:16.356Z",
"dateUpdated": "2026-07-14T21:34:41.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation MIT-4.4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
No CAPEC attack patterns related to this CWE.