CWE-863
Allowed-with-ReviewIncorrect Authorization
Abstraction: Class · Status: Incomplete
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
5537 vulnerabilities reference this CWE, most recent first.
CVE-2026-14896 (GCVE-0-2026-14896)
Vulnerability from cvelistv5 – Published: 2026-07-08 20:21 – Updated: 2026-07-09 13:40- CWE-863 - Incorrect Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| HashiCorp | Nomad |
Affected:
0.4.1 , < 2.0.4
(semver)
|
|
| HashiCorp | Nomad Enterprise |
Affected:
0.4.1 , < 2.0.4
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14896",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T13:40:04.927188Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T13:40:15.017Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Nomad",
"repo": "https://github.com/hashicorp/nomad",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "2.0.4",
"status": "affected",
"version": "0.4.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Nomad Enterprise",
"repo": "https://github.com/hashicorp/nomad",
"vendor": "HashiCorp",
"versions": [
{
"changes": [
{
"at": "1.11.8",
"status": "unaffected"
},
{
"at": "1.10.14",
"status": "unaffected"
}
],
"lessThan": "2.0.4",
"status": "affected",
"version": "0.4.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was reported to HashiCorp by George Chen."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This vulnerability, CVE-2026-14896, is fixed in Nomad Community Edition 2.0.4 and Nomad Enterprise 2.0.4, 1.11.8, and 1.10.14.\u003c/p\u003e\u003cbr/\u003e"
}
],
"value": "HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This vulnerability, CVE-2026-14896, is fixed in Nomad Community Edition 2.0.4 and Nomad Enterprise 2.0.4, 1.11.8, and 1.10.14."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T20:21:16.463Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2026-22-nomad-vulnerable-to-cross-namespace-host-volume-claim-deletion/77562"
}
],
"source": {
"advisory": "HCSEC-2026-22",
"discovery": "EXTERNAL"
},
"title": "Nomad vulnerable to cross-namespace host volume claim deletion"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2026-14896",
"datePublished": "2026-07-08T20:21:16.463Z",
"dateReserved": "2026-07-06T18:35:49.618Z",
"dateUpdated": "2026-07-09T13:40:15.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14716 (GCVE-0-2026-14716)
Vulnerability from cvelistv5 – Published: 2026-07-05 05:45 – Updated: 2026-07-07 02:43| URL | Tags |
|---|---|
| https://vuldb.com/vuln/376305 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/376305/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-14716 | third-party-advisory |
| https://vuldb.com/submit/847501 | third-party-advisory |
| https://github.com/nextlevelbuilder/goclaw/issues/1188 | exploitissue-tracking |
| https://github.com/nextlevelbuilder/goclaw/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| nextlevelbuilder | GoClaw |
Affected:
3.13.0-beta.0
Affected: 3.13.0-beta.1 Affected: 3.13.0-beta.2 cpe:2.3:a:nextlevelbuilder:goclaw:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14716",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-07T02:43:31.734147Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T02:43:44.690Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:nextlevelbuilder:goclaw:*:*:*:*:*:*:*:*"
],
"modules": [
"WebSocket RPC Handler"
],
"product": "GoClaw",
"vendor": "nextlevelbuilder",
"versions": [
{
"status": "affected",
"version": "3.13.0-beta.0"
},
{
"status": "affected",
"version": "3.13.0-beta.1"
},
{
"status": "affected",
"version": "3.13.0-beta.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-y (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.13.0-beta.2. Impacted is the function MethodRouter.Handle of the file internal/gateway/router.go of the component WebSocket RPC Handler. Such manipulation leads to incorrect authorization. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-05T05:45:07.965Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-376305 | nextlevelbuilder GoClaw WebSocket RPC router.go MethodRouter.Handle authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/376305"
},
{
"name": "VDB-376305 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/376305/cti"
},
{
"name": "CVE-2026-14716 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-14716"
},
{
"name": "Submit #847501 | NextLevelBuilder GoClaw 3.13.0-beta.2 Incorrect Authorization (CWE-863)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/847501"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/nextlevelbuilder/goclaw/issues/1188"
},
{
"tags": [
"product"
],
"url": "https://github.com/nextlevelbuilder/goclaw/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-04T09:55:41.000Z",
"value": "VulDB entry last update"
}
],
"title": "nextlevelbuilder GoClaw WebSocket RPC router.go MethodRouter.Handle authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-14716",
"datePublished": "2026-07-05T05:45:07.965Z",
"dateReserved": "2026-07-04T07:50:37.826Z",
"dateUpdated": "2026-07-07T02:43:44.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14340 (GCVE-0-2026-14340)
Vulnerability from cvelistv5 – Published: 2026-07-01 21:03 – Updated: 2026-07-02 15:54- CWE-863 - Incorrect Authorization
| URL | Tags |
|---|---|
| https://docs.github.com/en/enterprise-server@3.16… | release-notes |
| https://docs.github.com/en/enterprise-server@3.17… | release-notes |
| https://docs.github.com/en/enterprise-server@3.18… | release-notes |
| https://docs.github.com/en/enterprise-server@3.19… | release-notes |
| https://docs.github.com/en/enterprise-server@3.20… | release-notes |
| https://docs.github.com/en/enterprise-server@3.21… | release-notes |
| Vendor | Product | Version | |
|---|---|---|---|
| GitHub | Enterprise Server |
Affected:
3.16.0 , ≤ 3.16.19
(semver)
Affected: 3.17.0 , ≤ 3.17.16 (semver) Affected: 3.18.0 , ≤ 3.18.10 (semver) Affected: 3.19.0 , ≤ 3.19.7 (semver) Affected: 3.20.0 , ≤ 3.20.3 (semver) Affected: 3.21.0 , ≤ 3.21.1 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14340",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T15:10:33.189761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T15:54:43.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Linux"
],
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.16.20",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.16.19",
"status": "affected",
"version": "3.16.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.17.17",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.17.16",
"status": "affected",
"version": "3.17.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.18.11",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.18.10",
"status": "affected",
"version": "3.18.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.19.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.19.7",
"status": "affected",
"version": "3.19.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.20.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.20.3",
"status": "affected",
"version": "3.20.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.21.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.21.1",
"status": "affected",
"version": "3.21.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ahacker1"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token\u0027s intended scope. This was possible because the authorization check only verified that the installation had read permissions on the target repository rather than verifying that the token\u0027s installation was explicitly granted access to that repository. An attacker who obtained a victim\u0027s user-to-server token could create issues, issue comments, commit comments, and private vulnerability reports on any public repository, appearing as the victim user with no indication of the app involvement. This vulnerability was fixed by adding a repository scope check for user-to-server tokens issued by global apps. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.22 and was fixed in versions 3.21.2, 3.20.4, 3.19.8, 3.18.11, 3.17.17, 3.16.20. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token\u0027s intended scope. This was possible because the authorization check only verified that the installation had read permissions on the target repository rather than verifying that the token\u0027s installation was explicitly granted access to that repository. An attacker who obtained a victim\u0027s user-to-server token could create issues, issue comments, commit comments, and private vulnerability reports on any public repository, appearing as the victim user with no indication of the app involvement. This vulnerability was fixed by adding a repository scope check for user-to-server tokens issued by global apps. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.22 and was fixed in versions 3.21.2, 3.20.4, 3.19.8, 3.18.11, 3.17.17, 3.16.20. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T21:03:00.726Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.20"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.17"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.11"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.8"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.4"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.21/admin/release-notes#3.21.2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "An incorrect authorization vulnerability in GitHub Enterprise Server allows issue creation in unrelated public repositories",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2026-14340",
"datePublished": "2026-07-01T21:03:00.726Z",
"dateReserved": "2026-07-01T13:42:35.041Z",
"dateUpdated": "2026-07-02T15:54:43.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-13508 (GCVE-0-2026-13508)
Vulnerability from cvelistv5 – Published: 2026-06-28 21:45 – Updated: 2026-06-29 13:39| URL | Tags |
|---|---|
| https://vuldb.com/vuln/374516 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/374516/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-13508 | third-party-advisory |
| https://vuldb.com/submit/838812 | third-party-advisory |
| https://github.com/khoj-ai/khoj/issues/1327 | exploitissue-tracking |
| https://github.com/khoj-ai/khoj/pull/1328 | issue-trackingpatch |
| https://github.com/khoj-ai/khoj/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| khoj-ai | khoj |
Affected:
2.0.0-beta.0
Affected: 2.0.0-beta.1 Affected: 2.0.0-beta.2 Affected: 2.0.0-beta.3 Affected: 2.0.0-beta.4 Affected: 2.0.0-beta.5 Affected: 2.0.0-beta.6 Affected: 2.0.0-beta.7 Affected: 2.0.0-beta.8 Affected: 2.0.0-beta.9 Affected: 2.0.0-beta.10 Affected: 2.0.0-beta.11 Affected: 2.0.0-beta.12 Affected: 2.0.0-beta.13 Affected: 2.0.0-beta.14 Affected: 2.0.0-beta.15 Affected: 2.0.0-beta.16 Affected: 2.0.0-beta.17 Affected: 2.0.0-beta.18 Affected: 2.0.0-beta.19 Affected: 2.0.0-beta.20 Affected: 2.0.0-beta.21 Affected: 2.0.0-beta.22 Affected: 2.0.0-beta.23 Affected: 2.0.0-beta.24 Affected: 2.0.0-beta.25 Affected: 2.0.0-beta.26 Affected: 2.0.0-beta.27 Affected: 2.0.0-beta.28 cpe:2.3:a:khoj-ai:khoj:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-13508",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-29T13:39:09.379215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T13:39:27.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:khoj-ai:khoj:*:*:*:*:*:*:*:*"
],
"modules": [
"Conversation Sharing Handler"
],
"product": "khoj",
"vendor": "khoj-ai",
"versions": [
{
"status": "affected",
"version": "2.0.0-beta.0"
},
{
"status": "affected",
"version": "2.0.0-beta.1"
},
{
"status": "affected",
"version": "2.0.0-beta.2"
},
{
"status": "affected",
"version": "2.0.0-beta.3"
},
{
"status": "affected",
"version": "2.0.0-beta.4"
},
{
"status": "affected",
"version": "2.0.0-beta.5"
},
{
"status": "affected",
"version": "2.0.0-beta.6"
},
{
"status": "affected",
"version": "2.0.0-beta.7"
},
{
"status": "affected",
"version": "2.0.0-beta.8"
},
{
"status": "affected",
"version": "2.0.0-beta.9"
},
{
"status": "affected",
"version": "2.0.0-beta.10"
},
{
"status": "affected",
"version": "2.0.0-beta.11"
},
{
"status": "affected",
"version": "2.0.0-beta.12"
},
{
"status": "affected",
"version": "2.0.0-beta.13"
},
{
"status": "affected",
"version": "2.0.0-beta.14"
},
{
"status": "affected",
"version": "2.0.0-beta.15"
},
{
"status": "affected",
"version": "2.0.0-beta.16"
},
{
"status": "affected",
"version": "2.0.0-beta.17"
},
{
"status": "affected",
"version": "2.0.0-beta.18"
},
{
"status": "affected",
"version": "2.0.0-beta.19"
},
{
"status": "affected",
"version": "2.0.0-beta.20"
},
{
"status": "affected",
"version": "2.0.0-beta.21"
},
{
"status": "affected",
"version": "2.0.0-beta.22"
},
{
"status": "affected",
"version": "2.0.0-beta.23"
},
{
"status": "affected",
"version": "2.0.0-beta.24"
},
{
"status": "affected",
"version": "2.0.0-beta.25"
},
{
"status": "affected",
"version": "2.0.0-beta.26"
},
{
"status": "affected",
"version": "2.0.0-beta.27"
},
{
"status": "affected",
"version": "2.0.0-beta.28"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dem000000 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/api_chat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-28T21:45:10.327Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-374516 | khoj-ai khoj Conversation Sharing api_chat.py authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/374516"
},
{
"name": "VDB-374516 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/374516/cti"
},
{
"name": "CVE-2026-13508 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-13508"
},
{
"name": "Submit #838812 | Khoj AI Khoj Source commit e8631261400e0a04c5063e91e498b549976ffc53; affected released versions are unknown. CWE-863: Incorrect Authorization",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/838812"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/khoj-ai/khoj/issues/1327"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/khoj-ai/khoj/pull/1328"
},
{
"tags": [
"product"
],
"url": "https://github.com/khoj-ai/khoj/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-28T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-28T08:26:17.000Z",
"value": "VulDB entry last update"
}
],
"title": "khoj-ai khoj Conversation Sharing api_chat.py authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-13508",
"datePublished": "2026-06-28T21:45:10.327Z",
"dateReserved": "2026-06-28T06:21:13.647Z",
"dateUpdated": "2026-06-29T13:39:27.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-13484 (GCVE-0-2026-13484)
Vulnerability from cvelistv5 – Published: 2026-06-28 08:30 – Updated: 2026-06-30 18:36| URL | Tags |
|---|---|
| https://vuldb.com/vuln/374481 | vdb-entry |
| https://vuldb.com/vuln/374481/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-13484 | third-party-advisory |
| https://vuldb.com/submit/837658 | third-party-advisory |
| https://github.com/mlflow/mlflow/issues/23608 | exploitissue-tracking |
| https://github.com/mlflow/mlflow/issues/23608#iss… | issue-tracking |
| https://github.com/mlflow/mlflow/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-13484",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-30T18:36:05.327423Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T18:36:34.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/mlflow/mlflow/issues/23608#issuecomment-4560963877"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mlflow:mlflow:*:*:*:*:*:*:*:*"
],
"modules": [
"Experiment-scoped Label Schema CRUD API"
],
"product": "MLflow",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4666cffc7912ea606d592fc38d6a75e2935f65e7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dem00 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in MLflow up to 4666cffc7912ea606d592fc38d6a75e2935f65e7. The impacted element is an unknown function of the component Experiment-scoped Label Schema CRUD API. Such manipulation leads to missing authorization. It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is regarded as difficult. The exploit has been disclosed to the public and may be used. A reply to the GitHub issue explains, that \"[t]he labeling schema PR has not been merged yet. The auth handlers will be added before the release.\""
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.6,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-28T08:30:09.086Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-374481 | MLflow Experiment-scoped Label Schema CRUD API authorization",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/374481"
},
{
"name": "VDB-374481 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/374481/cti"
},
{
"name": "CVE-2026-13484 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-13484"
},
{
"name": "Submit #837658 | MLflow Unreleased development code in pull request #23607, commit 4666cffc7912ea606d592fc38d6a75e2935f65e7. No released MLflow version CWE-862 Missing Authorization",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/837658"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mlflow/mlflow/issues/23608"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/mlflow/mlflow/issues/23608#issuecomment-4560963877"
},
{
"tags": [
"product"
],
"url": "https://github.com/mlflow/mlflow/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-27T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-27T17:50:11.000Z",
"value": "VulDB entry last update"
}
],
"title": "MLflow Experiment-scoped Label Schema CRUD API authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-13484",
"datePublished": "2026-06-28T08:30:09.086Z",
"dateReserved": "2026-06-27T15:45:07.800Z",
"dateUpdated": "2026-06-30T18:36:34.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-13238 (GCVE-0-2026-13238)
Vulnerability from cvelistv5 – Published: 2026-07-10 21:44 – Updated: 2026-07-13 18:00- CWE-863 - Incorrect Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| Drupal | Commerce Realex / Global Payments |
Affected:
0.0.0 , < 3.0.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-13238",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-13T18:00:05.316182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T18:00:23.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/commerce_realex",
"product": "Commerce Realex / Global Payments",
"repo": "https://git.drupalcode.org/project/commerce_realex",
"vendor": "Drupal",
"versions": [
{
"lessThan": "3.0.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bill Seremetis (bserem)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Alan Burke (alanburke)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Bill Seremetis (bserem)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Jaime Seuma (jaims-dev)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Greg Knaddison (greggles)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Drew Webber (mcdruid)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Juraj Nemec (poker10)"
}
],
"datePublic": "2026-06-24T18:40:07.000Z",
"descriptions": [
{
"lang": "en",
"value": "Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2."
}
],
"impacts": [
{
"capecId": "CAPEC-87",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-87 Forceful Browsing"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T21:44:51.275Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2026-058"
}
],
"title": "Commerce Realex / Global Payments - Moderately critical - Access Bypass - SA-CONTRIB-2026-058"
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2026-13238",
"datePublished": "2026-07-10T21:44:51.275Z",
"dateReserved": "2026-06-24T18:00:11.427Z",
"dateUpdated": "2026-07-13T18:00:23.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-13237 (GCVE-0-2026-13237)
Vulnerability from cvelistv5 – Published: 2026-07-10 21:44 – Updated: 2026-07-13 17:59- CWE-863 - Incorrect Authorization
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-13237",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-13T17:56:55.672795Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T17:59:44.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/ai_agents",
"product": "AI Agents",
"repo": "https://git.drupalcode.org/project/ai_agents",
"vendor": "Drupal",
"versions": [
{
"lessThan": "1.1.4",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "1.2.5",
"status": "affected",
"version": "1.2.0",
"versionType": "semver"
},
{
"lessThan": "1.3.1",
"status": "affected",
"version": "1.3.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrew Belcher (andrewbelcher)"
},
{
"lang": "en",
"type": "finder",
"value": "Rob Edwards (rob_e)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andrew Belcher (andrewbelcher)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Marcus Johansson (marcus_johansson)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Rob Edwards (rob_e)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Bram Driesen (bramdriesen)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Greg Knaddison (greggles)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Drew Webber (mcdruid)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Juraj Nemec (poker10)"
}
],
"datePublic": "2026-06-24T18:39:24.000Z",
"descriptions": [
{
"lang": "en",
"value": "Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1."
}
],
"impacts": [
{
"capecId": "CAPEC-87",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-87 Forceful Browsing"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T21:44:43.053Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2026-057"
}
],
"title": "AI Agents - Moderately critical - Information disclosure, Access bypass - SA-CONTRIB-2026-057"
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2026-13237",
"datePublished": "2026-07-10T21:44:43.053Z",
"dateReserved": "2026-06-24T18:00:10.666Z",
"dateUpdated": "2026-07-13T17:59:44.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-13232 (GCVE-0-2026-13232)
Vulnerability from cvelistv5 – Published: 2026-07-10 21:44 – Updated: 2026-07-13 18:04- CWE-863 - Incorrect Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| Drupal | Advanced Content Feedback (aka admin_feedback) |
Affected:
0.0.0 , < 2.8.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-13232",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-13T18:03:44.241707Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T18:04:11.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/admin_feedback",
"product": "Advanced Content Feedback (aka admin_feedback)",
"repo": "https://git.drupalcode.org/project/admin_feedback",
"vendor": "Drupal",
"versions": [
{
"lessThan": "2.8.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bill Seremetis (bserem)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Bill Seremetis (bserem)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Greg Knaddison (greggles)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Drew Webber (mcdruid)"
}
],
"datePublic": "2026-06-24T18:35:16.000Z",
"descriptions": [
{
"lang": "en",
"value": "Incorrect Authorization vulnerability in Drupal Advanced Content Feedback (aka admin_feedback) allows Forceful Browsing. This issue affects Advanced Content Feedback (aka admin_feedback) versions: from 0.0.0 to 2.8.0."
}
],
"impacts": [
{
"capecId": "CAPEC-87",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-87 Forceful Browsing"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T21:44:38.621Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2026-052"
}
],
"title": "Advanced Content Feedback (aka admin_feedback) - Moderately critical - Access bypass / Insecure Direct Object Reference (IDOR) - SA-CONTRIB-2026-052"
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2026-13232",
"datePublished": "2026-07-10T21:44:38.621Z",
"dateReserved": "2026-06-24T18:00:05.703Z",
"dateUpdated": "2026-07-13T18:04:11.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-13151 (GCVE-0-2026-13151)
Vulnerability from cvelistv5 – Published: 2026-07-08 20:46 – Updated: 2026-07-09 14:25- CWE-863 - Incorrect Authorization
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-13151",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T14:25:42.875527Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T14:25:51.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "18.11.7",
"status": "affected",
"version": "16.10",
"versionType": "semver"
},
{
"lessThan": "19.0.4",
"status": "affected",
"version": "19.0",
"versionType": "semver"
},
{
"lessThan": "19.1.2",
"status": "affected",
"version": "19.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability has been discovered internally by GitLab team member zli"
}
],
"descriptions": [
{
"lang": "en",
"value": "GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper authorization controls."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T20:46:18.853Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/598813"
},
{
"url": "https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-2-released/"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 18.11.7, 19.0.4, 19.1.2 or above."
}
],
"title": "Incorrect Authorization in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-13151",
"datePublished": "2026-07-08T20:46:18.853Z",
"dateReserved": "2026-06-24T10:43:58.146Z",
"dateUpdated": "2026-07-09T14:25:51.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12797 (GCVE-0-2026-12797)
Vulnerability from cvelistv5 – Published: 2026-06-21 09:15 – Updated: 2026-06-22 13:35| URL | Tags |
|---|---|
| https://vuldb.com/vuln/372559 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/372559/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-12797 | third-party-advisory |
| https://vuldb.com/submit/811288 | third-party-advisory |
| https://gist.github.com/YLChen-007/078179224f07cc… | exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12797",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T13:35:34.363730Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T13:35:44.784Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"
],
"modules": [
"Completions Interface"
],
"product": "litellm",
"vendor": "BerriAI",
"versions": [
{
"status": "affected",
"version": "1.82.0"
},
{
"status": "affected",
"version": "1.82.1"
},
{
"status": "affected",
"version": "1.82.2"
},
{
"status": "affected",
"version": "1.82.3"
},
{
"status": "affected",
"version": "1.82.4"
},
{
"status": "affected",
"version": "1.82.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-c (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in BerriAI litellm up to 1.82.5. Affected is the function async_pre_call_hook of the file enterprise/enterprise_hooks/banned_keywords.py of the component Completions Interface. The manipulation of the argument prompt results in incorrect authorization. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-21T09:15:08.592Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-372559 | BerriAI litellm Completions banned_keywords.py async_pre_call_hook authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/372559"
},
{
"name": "VDB-372559 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/372559/cti"
},
{
"name": "CVE-2026-12797 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-12797"
},
{
"name": "Submit #811288 | litellm \u003c= 1.82.5 Incorrect Authorization (CWE-863)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811288"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/YLChen-007/078179224f07cc4e39e4f141a18c817a"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-20T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-20T19:17:36.000Z",
"value": "VulDB entry last update"
}
],
"title": "BerriAI litellm Completions banned_keywords.py async_pre_call_hook authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-12797",
"datePublished": "2026-06-21T09:15:08.592Z",
"dateReserved": "2026-06-20T17:12:18.055Z",
"dateUpdated": "2026-06-22T13:35:44.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation MIT-4.4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
No CAPEC attack patterns related to this CWE.