CWE-639
AllowedAuthorization Bypass Through User-Controlled Key
Abstraction: Base · Status: Incomplete
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
3254 vulnerabilities reference this CWE, most recent first.
CVE-2026-28782 (GCVE-0-2026-28782)
Vulnerability from cvelistv5 – Published: 2026-03-04 16:36 – Updated: 2026-03-04 17:35- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://github.com/craftcms/cms/security/advisori… | x_refsource_CONFIRM |
| https://github.com/craftcms/cms/commit/fb61a91357… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28782",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T17:34:53.312489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T17:35:08.922Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cms",
"vendor": "craftcms",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.0.0-RC1, \u003c 5.9.0-beta.1"
},
{
"status": "affected",
"version": "\u003e= 4.0.0-RC1, \u003c 4.17.0-beta.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Craft is a content management system (CMS). Prior to 5.9.0-beta.1 and 4.17.0-beta.1, the \"Duplicate\" entry action does not properly verify if the user has permission to perform this action on the specific target elements. Even with only \"View Entries\" permission (where the \"Duplicate\" action is restricted in the UI), a user can bypass this restriction by sending a direct request. Furthermore, this vulnerability allows duplicating other users\u0027 entries by specifying their Entry IDs. Since Entry IDs are incremental, an attacker can trivially brute-force these IDs to duplicate and access restricted content across the system. This vulnerability is fixed in 5.9.0-beta.1 and 4.17.0-beta.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T16:36:49.511Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/craftcms/cms/security/advisories/GHSA-jxm3-pmm2-9gf6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/craftcms/cms/security/advisories/GHSA-jxm3-pmm2-9gf6"
},
{
"name": "https://github.com/craftcms/cms/commit/fb61a91357f5761c852400185ba931f51d82783d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/craftcms/cms/commit/fb61a91357f5761c852400185ba931f51d82783d"
}
],
"source": {
"advisory": "GHSA-jxm3-pmm2-9gf6",
"discovery": "UNKNOWN"
},
"title": "Craft has a Permission Bypass and IDOR in Duplicate Entry Action"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28782",
"datePublished": "2026-03-04T16:36:49.511Z",
"dateReserved": "2026-03-03T14:25:19.244Z",
"dateUpdated": "2026-03-04T17:35:08.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28781 (GCVE-0-2026-28781)
Vulnerability from cvelistv5 – Published: 2026-03-04 16:31 – Updated: 2026-03-04 17:36| URL | Tags |
|---|---|
| https://github.com/craftcms/cms/security/advisori… | x_refsource_CONFIRM |
| https://github.com/craftcms/cms/commit/830b403870… | x_refsource_MISC |
| https://github.com/craftcms/cms/commit/c6dcbdffaf… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28781",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T17:36:36.759532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T17:36:52.722Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cms",
"vendor": "craftcms",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.0.0-RC1, \u003c 5.9.0-beta.1"
},
{
"status": "affected",
"version": "\u003e= 4.0.0-RC1, \u003c 4.17.0-beta.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows for Mass Assignment of the authorId attribute. A user with \"Create Entries\" permission can inject the authorIds[] (or authorId) parameter into the POST request, which the backend processes without verifying if the current user is authorized to assign authorship to others. Normally, this field is not present in the request for users without the necessary permissions. By manually adding this parameter, an attacker can attribute the new entry to any user, including Admins. This effectively \"spoofs\" the authorship. This vulnerability is fixed in 4.17.0-beta.1 and 5.9.0-beta.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T16:31:39.357Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/craftcms/cms/security/advisories/GHSA-2xfc-g69j-x2mp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/craftcms/cms/security/advisories/GHSA-2xfc-g69j-x2mp"
},
{
"name": "https://github.com/craftcms/cms/commit/830b403870cd784b47ae42a3f5a16e7ac2d7f5a8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/craftcms/cms/commit/830b403870cd784b47ae42a3f5a16e7ac2d7f5a8"
},
{
"name": "https://github.com/craftcms/cms/commit/c6dcbdffaf6ab3ffe77d317336684d83699f4542",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/craftcms/cms/commit/c6dcbdffaf6ab3ffe77d317336684d83699f4542"
}
],
"source": {
"advisory": "GHSA-2xfc-g69j-x2mp",
"discovery": "UNKNOWN"
},
"title": "Craft Affected by Entries Authorship Spoofing via Mass Assignment"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28781",
"datePublished": "2026-03-04T16:31:39.357Z",
"dateReserved": "2026-03-03T14:25:19.244Z",
"dateUpdated": "2026-03-04T17:36:52.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28747 (GCVE-0-2026-28747)
Vulnerability from cvelistv5 – Published: 2026-04-27 22:44 – Updated: 2026-04-28 14:35| Vendor | Product | Version | |
|---|---|---|---|
| Milesight | MS-Cxx63-PD |
Affected:
0 , ≤ 51.7.0.77-r12
(custom)
|
|
| Milesight | MS-Cxx64-xPD |
Affected:
0 , ≤ 51.7.0.77-r12
(custom)
|
|
| Milesight | MS-Cxx73-xPD |
Affected:
0 , ≤ 51.7.0.77-r12
(custom)
|
|
| Milesight | MS-Cxx75-xxPD |
Affected:
0 , ≤ 51.7.0.77-r12
(custom)
|
|
| Milesight | MS-Cxx83-xPD |
Affected:
0 , ≤ 51.7.0.77-r12
(custom)
|
|
| Milesight | MS-Cxx74-PA |
Affected:
0 , ≤ 3x.8.0.3-r11
(custom)
|
|
| Milesight | MS-C8477-HPG1 |
Affected:
0 , ≤ 63.8.0.4-r3
(custom)
|
|
| Milesight | MS-C8477-PC |
Affected:
0 , ≤ 48.8.0.4-r3
(custom)
|
|
| Milesight | MS-C5321-FPE |
Affected:
0 , ≤ 62.8.0.4-r5
(custom)
|
|
| Milesight | MS-Cxx72-xxxPE |
Affected:
0 , ≤ 61.8.0.5-r2
(custom)
|
|
| Milesight | MS-Cxx62-xxxPE |
Affected:
0 , ≤ 61.8.0.5-r2
(custom)
|
|
| Milesight | MS-Cxx52-xxxPE |
Affected:
0 , ≤ 61.8.0.5-r2
(custom)
|
|
| Milesight | MS-Cxx66-xxxPE |
Affected:
0 , ≤ 61.8.0.5-r2
(custom)
|
|
| Milesight | MS-Cxx66-xxxGPE |
Affected:
0 , ≤ 61.8.0.5-r2
(custom)
|
|
| Milesight | MS-Cxx61-xxxPE |
Affected:
0 , ≤ 61.8.0.5-r2
(custom)
|
|
| Milesight | MS-Cxx67-xxxPE |
Affected:
0 , ≤ 61.8.0.5-r2
(custom)
|
|
| Milesight | MS-Cxx71-xxxPE |
Affected:
0 , ≤ 61.8.0.5-r2
(custom)
|
|
| Milesight | MS-Cxx41-xxxPE |
Affected:
0 , ≤ 61.8.0.5-r2
(custom)
|
|
| Milesight | MS-Cxx76-PE |
Affected:
0 , ≤ 61.8.0.5-r2
(custom)
|
|
| Milesight | MS-Cxx65-PE |
Affected:
0 , ≤ 61.8.0.5-r2
(custom)
|
|
| Milesight | MS-Cxx66-xxxG1 |
Affected:
0 , ≤ 63.8.0.5-r3
(custom)
|
|
| Milesight | MS-Cxx62-xxxG1 |
Affected:
0 , ≤ 63.8.0.5-r3
(custom)
|
|
| Milesight | MS-Cxx72-xxxG1 |
Affected:
0 , ≤ 63.8.0.5-r3
(custom)
|
|
| Milesight | MS-CQxx31-xxxG1 |
Affected:
0 , ≤ CQ_63.8.0.5-r1
(custom)
|
|
| Milesight | MS-CQxx68-xxxG1 |
Affected:
0 , ≤ CQ_63.8.0.5-r1
(custom)
|
|
| Milesight | MS-CQxx72-xxxG1 |
Affected:
0 , ≤ CQ_63.8.0.5-r1
(custom)
|
|
| Milesight | MS-Nxxxx-NxE |
Affected:
0 , ≤ 7x.9.0.19-r5
(custom)
|
|
| Milesight | MS-Nxxxx-xxC |
Affected:
0 , ≤ 7x.9.0.19-r5
(custom)
|
|
| Milesight | MS-Nxxxx-xxE |
Affected:
0 , ≤ 7x.9.0.19-r5
(custom)
|
|
| Milesight | MS-Nxxxx-xxG |
Affected:
0 , ≤ 7x.9.0.19-r5
(custom)
|
|
| Milesight | MS-Nxxxx-xxH |
Affected:
0 , ≤ 7x.9.0.19-r5
(custom)
|
|
| Milesight | MS-Nxxxx-xxT |
Affected:
0 , ≤ 7x.9.0.19-r5
(custom)
|
|
| Milesight | PMC8266-FPE |
Affected:
0 , ≤ PO_61.8.0.4_LPR
(custom)
|
|
| Milesight | PMC8266-FGPE |
Affected:
0 , ≤ PO_61.8.0.4_LPR
(custom)
|
|
| Milesight | PM3322-E |
Affected:
0 , ≤ PI_61.8.0.3_LPR-r3
(custom)
|
|
| Milesight | TS4466-X4RIPG1 |
Affected:
0 , ≤ T_63.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS5366-X12RIPG1 |
Affected:
0 , ≤ T_63.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS8266-X4RIPG1 |
Affected:
0 , ≤ T_63.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS4466-X4RIVPG1 |
Affected:
0 , ≤ T_63.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS4466-RFIVPG1 |
Affected:
0 , ≤ T_63.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS8266-X4RIVPG1 |
Affected:
0 , ≤ T_63.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS8266-RFIVPG1 |
Affected:
0 , ≤ T_63.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS4466-X4RIWG1 |
Affected:
0 , ≤ T_63.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS8266-X4RIWG1 |
Affected:
0 , ≤ T_63.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS5510-GVH |
Affected:
0 , ≤ T_47.8.0.4_LPR-r7
(custom)
|
|
| Milesight | TS5510-GH |
Affected:
0 , ≤ T_47.8.0.4_LPR-r6
(custom)
|
|
| Milesight | TS5511-GVH |
Affected:
0 , ≤ T_47.8.0.4_LPR-r6
(custom)
|
|
| Milesight | TS2966-X12TPE |
Affected:
0 , ≤ T_61.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS4466-X4RPE |
Affected:
0 , ≤ T_61.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS5366-X12PE |
Affected:
0 , ≤ T_61.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS8266-X4PE |
Affected:
0 , ≤ T_61.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS2966-X12TVPE |
Affected:
0 , ≤ T_61.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS4466-X4RVPE |
Affected:
0 , ≤ T_61.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS5366-X12VPE |
Affected:
0 , ≤ T_61.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS8266-X4VPE |
Affected:
0 , ≤ T_61.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS4441-X36RPE |
Affected:
0 , ≤ T_61.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS4441-X36RE |
Affected:
0 , ≤ T_61.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS4466-X4RWE |
Affected:
0 , ≤ T_61.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS8266-X4WE |
Affected:
0 , ≤ T_61.8.0.4_LPR-r3
(custom)
|
|
| Milesight | MS-C2964-RFLPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | MS-C2972-RFLPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | MS-C2966-RFLWPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | TS2866-X4TPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | TS2866-X4TVPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | TS2866-X4TGPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | TS2841-X36TPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | TS2841-X36TPC/W |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | TS2867-X5TPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | TS2961-X12TPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | TS8266-FPC/P |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | MS-C2966-X12RLPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | MS-C2966-X12RLVPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | MS-C5366-X12LPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | MS-C5366-X12LVPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | MS-C5361-X12LPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | MS-Cxx66-xxxxGOPC |
Affected:
0 , ≤ 45.8.0.2-AIoT-r4
(custom)
|
|
| Milesight | SC211 |
Affected:
0 , ≤ C_21.1.0.8-r4
(custom)
|
|
| Milesight | SP111 |
Affected:
0 , ≤ 52.8.0.4-r5
(custom)
|
|
| Milesight | MS-Cxx66-RFIPKG1 |
Affected:
0 , ≤ 63.8.0.4-r1-NX
(custom)
|
|
| Milesight | MS-Cxx72-RFIPKG1 |
Affected:
0 , ≤ 63.8.0.4-r1-NX
(custom)
|
|
| Milesight | MS-Cxx66-FIPKG1 |
Affected:
0 , ≤ 63.8.0.4-r1-NX
(custom)
|
|
| Milesight | MS-Cxx72-FIPKG1 |
Affected:
0 , ≤ 63.8.0.4-r1-NX
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28747",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-28T13:40:48.550832Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T14:35:33.191Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MS-Cxx63-PD",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "51.7.0.77-r12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx64-xPD",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "51.7.0.77-r12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx73-xPD",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "51.7.0.77-r12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx75-xxPD",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "51.7.0.77-r12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx83-xPD",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "51.7.0.77-r12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx74-PA",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "3x.8.0.3-r11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-C8477-HPG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "63.8.0.4-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-C8477-PC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "48.8.0.4-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-C5321-FPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "62.8.0.4-r5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx72-xxxPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "61.8.0.5-r2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx62-xxxPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "61.8.0.5-r2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx52-xxxPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "61.8.0.5-r2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx66-xxxPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "61.8.0.5-r2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx66-xxxGPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "61.8.0.5-r2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx61-xxxPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "61.8.0.5-r2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx67-xxxPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "61.8.0.5-r2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx71-xxxPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "61.8.0.5-r2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx41-xxxPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "61.8.0.5-r2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx76-PE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "61.8.0.5-r2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx65-PE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "61.8.0.5-r2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx66-xxxG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "63.8.0.5-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx62-xxxG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "63.8.0.5-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx72-xxxG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "63.8.0.5-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-CQxx31-xxxG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "CQ_63.8.0.5-r1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-CQxx68-xxxG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "CQ_63.8.0.5-r1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-CQxx72-xxxG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "CQ_63.8.0.5-r1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Nxxxx-NxE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "7x.9.0.19-r5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Nxxxx-xxC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "7x.9.0.19-r5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Nxxxx-xxE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "7x.9.0.19-r5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Nxxxx-xxG",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "7x.9.0.19-r5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Nxxxx-xxH",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "7x.9.0.19-r5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Nxxxx-xxT",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "7x.9.0.19-r5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PMC8266-FPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "PO_61.8.0.4_LPR",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PMC8266-FGPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "PO_61.8.0.4_LPR",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM3322-E",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "PI_61.8.0.3_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS4466-X4RIPG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_63.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS5366-X12RIPG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_63.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS8266-X4RIPG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_63.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS4466-X4RIVPG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_63.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS4466-RFIVPG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_63.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS8266-X4RIVPG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_63.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS8266-RFIVPG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_63.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS4466-X4RIWG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_63.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS8266-X4RIWG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_63.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS5510-GVH",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_47.8.0.4_LPR-r7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS5510-GH",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_47.8.0.4_LPR-r6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS5511-GVH",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_47.8.0.4_LPR-r6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS2966-X12TPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_61.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS4466-X4RPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_61.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS5366-X12PE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_61.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS8266-X4PE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_61.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS2966-X12TVPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_61.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS4466-X4RVPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_61.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS5366-X12VPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_61.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS8266-X4VPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_61.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS4441-X36RPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_61.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS4441-X36RE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_61.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS4466-X4RWE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_61.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS8266-X4WE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_61.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-C2964-RFLPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-C2972-RFLPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-C2966-RFLWPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS2866-X4TPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS2866-X4TVPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS2866-X4TGPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS2841-X36TPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS2841-X36TPC/W",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS2867-X5TPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS2961-X12TPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS8266-FPC/P",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-C2966-X12RLPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-C2966-X12RLVPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-C5366-X12LPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-C5366-X12LVPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-C5361-X12LPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx66-xxxxGOPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "45.8.0.2-AIoT-r4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SC211",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "C_21.1.0.8-r4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SP111",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "52.8.0.4-r5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx66-RFIPKG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "63.8.0.4-r1-NX",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx72-RFIPKG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "63.8.0.4-r1-NX",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx66-FIPKG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "63.8.0.4-r1-NX",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx72-FIPKG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "63.8.0.4-r1-NX",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Souvik Kandar reported these vulnerabilities to CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed.\u0026nbsp;"
}
],
"value": "A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T23:31:53.318Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.json"
},
{
"url": "https://www.milesight.com/support/download/firmware"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMilesight advises all users to update their device to the latest firmware versions of PE/PC/PA found at https://www.milesight.com/support/download/firmware.\u0026nbsp;\u003cbr\u003e\u003ca href=\"https://www.milesight.com/support/download/firmware\" title=\"(opens in a new window)\"\u003ehttps://www.milesight.com/support/download/firmware\u003c/a\u003e\u003c/p\u003e\u003cp\u003eMS-Cxx63-PD: Update to 51.7.0.77-r13\u003c/p\u003e\u003cp\u003eMS-Cxx64-xPD: Update to 51.7.0.77-r13\u003c/p\u003e\u003cp\u003eMS-Cxx73-xPD: Update to 51.7.0.77-r13\u003c/p\u003e\u003cp\u003eMS-Cxx75-xxPD: Update to 51.7.0.77-r13\u003c/p\u003e\u003cp\u003eMS-Cxx83-xPD: Update to 51.7.0.77-r13\u003c/p\u003e\u003cp\u003eMS-Cxx74-PA: Update to 3x.8.0.3-r13\u003c/p\u003e\u003cp\u003eMS-C8477-HPG1: Update to 63.8.0.4-r4\u003c/p\u003e\u003cp\u003e\u0026nbsp;MS-C8477-PC: Update to 48.8.0.4-r4\u003c/p\u003e\u003cp\u003eMS-C5321-FPE: Update to 62.8.0.4-r6\u003c/p\u003e\u003cp\u003eMS-Cxx72-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx62-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx52-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx66-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx66-xxxGPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx61-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx67-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx71-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx41-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx76-PE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx65-PE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx66-xxxG1: Update to 63.8.0.5-r4\u003c/p\u003e\u003cp\u003eMS-Cxx62-xxxG1: Update to 63.8.0.5-r4\u003c/p\u003e\u003cp\u003eMS-Cxx72-xxxG1: Update to 63.8.0.5-r4\u003c/p\u003e\u003cp\u003eMS-CQxx31-xxxG1: Update to CQ_63.8.0.5-r2\u0026nbsp;\u003c/p\u003e\u003cp\u003eMS-CQxx68-xxxG1: Update to CQ_63.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-CQxx72-xxxG1: Update to CQ_63.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Nxxxx-NxE: Update to 7x.9.0.19-r6\u003c/p\u003e\u003cp\u003eMS-Nxxxx-xxC: Update to 7x.9.0.19-r6\u003c/p\u003e\u003cp\u003eMS-Nxxxx-xxE: Update to 7x.9.0.19-r6\u003c/p\u003e\u003cp\u003eMS-Nxxxx-xxG: Update to 7x.9.0.19-r6\u003c/p\u003e\u003cp\u003eMS-Nxxxx-xxH: Update to 7x.9.0.19-r6\u003c/p\u003e\u003cp\u003eMS-Nxxxx-xxT: Update to 7x.9.0.19-r6\u003c/p\u003e\u003cp\u003ePMC8266-FPE: Update to PO_61.8.0.4-r1\u003c/p\u003e\u003cp\u003ePMC8266-FGPE: Update to PO_61.8.0.4-r1\u003c/p\u003e\u003cp\u003ePM3322-E: Update to PI_61.8.0.3-r5\u003c/p\u003e\u003cp\u003eTS4466-X4RIPG1: Update to T_63.8.0.4-r4\u0026nbsp;\u003c/p\u003e\u003cp\u003eTS5366-X12RIPG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-X4RIPG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4466-X4RIVPG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4466-RFIVPG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-X4RIVPG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-RFIVPG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4466-X4RIWG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-X4RIWG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS5510-GVH: Update to T_47.8.0.4-r8\u003c/p\u003e\u003cp\u003eTS5510-GH: Update to T_47.8.0.4-r8\u003c/p\u003e\u003cp\u003eTS5511-GVH: Update to T_47.8.0.4-r8\u003c/p\u003e\u003cp\u003eTS2966-X12TPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4466-X4RPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS5366-X12PE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-X4PE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS2966-X12TVPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4466-X4RVPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS5366-X12VPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-X4VPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4441-X36RPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4441-X36RE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4466-X4RWE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-X4WE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eMS-C2964-RFLPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C2972-RFLPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C2966-RFLWPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2866-X4TPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2866-X4TVPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2866-X4TGPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2841-X36TPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2841-X36TPC/W: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2867-X5TPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2961-X12TPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS8266-FPC/P: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C2966-X12RLPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C2966-X12RLVPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C5366-X12LPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C5366-X12LVPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C5361-X12LPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-Cxx66-xxxxGOPC: Update to 45.8.0.2-AIoT-r5\u003c/p\u003e\u003cp\u003eSC211: Update to C_21.1.0.8-r5\u003c/p\u003e\u003cp\u003eSP111: Update to 52.8.0.4-r6\u003c/p\u003e\u003cp\u003eMS-Cxx66-RFIPKG1: Update to 63.8.0.5-r2-NX\u003c/p\u003e\u003cp\u003eMS-Cxx72-RFIPKG1: Update to 63.8.0.5-r2-NX\u003c/p\u003e\u003cp\u003eMS-Cxx66-FIPKG1: Update to 63.8.0.5-r2-NX\u003c/p\u003e\u003cp\u003eMS-Cxx72-FIPKG1: Update to 63.8.0.5-r2-NX\u003c/p\u003e"
}
],
"value": "Milesight advises all users to update their device to the latest firmware versions of PE/PC/PA found at https://www.milesight.com/support/download/firmware.\u00a0\n https://www.milesight.com/support/download/firmware \n\nMS-Cxx63-PD: Update to 51.7.0.77-r13\n\nMS-Cxx64-xPD: Update to 51.7.0.77-r13\n\nMS-Cxx73-xPD: Update to 51.7.0.77-r13\n\nMS-Cxx75-xxPD: Update to 51.7.0.77-r13\n\nMS-Cxx83-xPD: Update to 51.7.0.77-r13\n\nMS-Cxx74-PA: Update to 3x.8.0.3-r13\n\nMS-C8477-HPG1: Update to 63.8.0.4-r4\n\n\u00a0MS-C8477-PC: Update to 48.8.0.4-r4\n\nMS-C5321-FPE: Update to 62.8.0.4-r6\n\nMS-Cxx72-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx62-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx52-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx66-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx66-xxxGPE: Update to 61.8.0.5-r2\n\nMS-Cxx61-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx67-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx71-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx41-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx76-PE: Update to 61.8.0.5-r2\n\nMS-Cxx65-PE: Update to 61.8.0.5-r2\n\nMS-Cxx66-xxxG1: Update to 63.8.0.5-r4\n\nMS-Cxx62-xxxG1: Update to 63.8.0.5-r4\n\nMS-Cxx72-xxxG1: Update to 63.8.0.5-r4\n\nMS-CQxx31-xxxG1: Update to CQ_63.8.0.5-r2\u00a0\n\nMS-CQxx68-xxxG1: Update to CQ_63.8.0.5-r2\n\nMS-CQxx72-xxxG1: Update to CQ_63.8.0.5-r2\n\nMS-Nxxxx-NxE: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxC: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxE: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxG: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxH: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxT: Update to 7x.9.0.19-r6\n\nPMC8266-FPE: Update to PO_61.8.0.4-r1\n\nPMC8266-FGPE: Update to PO_61.8.0.4-r1\n\nPM3322-E: Update to PI_61.8.0.3-r5\n\nTS4466-X4RIPG1: Update to T_63.8.0.4-r4\u00a0\n\nTS5366-X12RIPG1: Update to T_63.8.0.4-r4\n\nTS8266-X4RIPG1: Update to T_63.8.0.4-r4\n\nTS4466-X4RIVPG1: Update to T_63.8.0.4-r4\n\nTS4466-RFIVPG1: Update to T_63.8.0.4-r4\n\nTS8266-X4RIVPG1: Update to T_63.8.0.4-r4\n\nTS8266-RFIVPG1: Update to T_63.8.0.4-r4\n\nTS4466-X4RIWG1: Update to T_63.8.0.4-r4\n\nTS8266-X4RIWG1: Update to T_63.8.0.4-r4\n\nTS5510-GVH: Update to T_47.8.0.4-r8\n\nTS5510-GH: Update to T_47.8.0.4-r8\n\nTS5511-GVH: Update to T_47.8.0.4-r8\n\nTS2966-X12TPE: Update to T_61.8.0.4-r4\n\nTS4466-X4RPE: Update to T_61.8.0.4-r4\n\nTS5366-X12PE: Update to T_61.8.0.4-r4\n\nTS8266-X4PE: Update to T_61.8.0.4-r4\n\nTS2966-X12TVPE: Update to T_61.8.0.4-r4\n\nTS4466-X4RVPE: Update to T_61.8.0.4-r4\n\nTS5366-X12VPE: Update to T_61.8.0.4-r4\n\nTS8266-X4VPE: Update to T_61.8.0.4-r4\n\nTS4441-X36RPE: Update to T_61.8.0.4-r4\n\nTS4441-X36RE: Update to T_61.8.0.4-r4\n\nTS4466-X4RWE: Update to T_61.8.0.4-r4\n\nTS8266-X4WE: Update to T_61.8.0.4-r4\n\nMS-C2964-RFLPC: Update to T_45.8.0.3-r10\n\nMS-C2972-RFLPC: Update to T_45.8.0.3-r10\n\nMS-C2966-RFLWPC: Update to T_45.8.0.3-r10\n\nTS2866-X4TPC: Update to T_45.8.0.3-r10\n\nTS2866-X4TVPC: Update to T_45.8.0.3-r10\n\nTS2866-X4TGPC: Update to T_45.8.0.3-r10\n\nTS2841-X36TPC: Update to T_45.8.0.3-r10\n\nTS2841-X36TPC/W: Update to T_45.8.0.3-r10\n\nTS2867-X5TPC: Update to T_45.8.0.3-r10\n\nTS2961-X12TPC: Update to T_45.8.0.3-r10\n\nTS8266-FPC/P: Update to T_45.8.0.3-r10\n\nMS-C2966-X12RLPC: Update to T_45.8.0.3-r10\n\nMS-C2966-X12RLVPC: Update to T_45.8.0.3-r10\n\nMS-C5366-X12LPC: Update to T_45.8.0.3-r10\n\nMS-C5366-X12LVPC: Update to T_45.8.0.3-r10\n\nMS-C5361-X12LPC: Update to T_45.8.0.3-r10\n\nMS-Cxx66-xxxxGOPC: Update to 45.8.0.2-AIoT-r5\n\nSC211: Update to C_21.1.0.8-r5\n\nSP111: Update to 52.8.0.4-r6\n\nMS-Cxx66-RFIPKG1: Update to 63.8.0.5-r2-NX\n\nMS-Cxx72-RFIPKG1: Update to 63.8.0.5-r2-NX\n\nMS-Cxx66-FIPKG1: Update to 63.8.0.5-r2-NX\n\nMS-Cxx72-FIPKG1: Update to 63.8.0.5-r2-NX"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMilesight asks all users to report potential security vulnerabilities to security@milesight.com.\u003cbr\u003e\u003ca href=\"mailto:security@milesight.com\"\u003emailto:security@milesight.com\u003c/a\u003e\u003cbr\u003eLearn more: Milesight Vulnerability Reporting Policy\u003cbr\u003e\u003ca href=\"https://www.milesight.com/legal/vulnerability-report\" title=\"(opens in a new window)\"\u003ehttps://www.milesight.com/legal/vulnerability-report\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Milesight asks all users to report potential security vulnerabilities to security@milesight.com.\n mailto:security@milesight.com \nLearn more: Milesight Vulnerability Reporting Policy\n https://www.milesight.com/legal/vulnerability-report"
}
],
"source": {
"advisory": "ICSA-26-113-03",
"discovery": "EXTERNAL"
},
"title": "Milesight Cameras Authorization Bypass Through User-Controlled Key",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-28747",
"datePublished": "2026-04-27T22:44:52.012Z",
"dateReserved": "2026-03-12T17:51:09.913Z",
"dateUpdated": "2026-04-28T14:35:33.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28740 (GCVE-0-2026-28740)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:19 – Updated: 2026-07-07 16:58| URL | Tags |
|---|---|
| https://github.com/go-gitea/gitea/security/adviso… | vendor-advisory |
| https://github.com/go-gitea/gitea/pull/38050 | patch |
| https://github.com/go-gitea/gitea/releases/tag/v1.26.3 | release-notes |
| https://blog.gitea.com/release-of-1.26.3-and-1.26.4/ | release-notes |
| Vendor | Product | Version | |
|---|---|---|---|
| Gitea | Gitea Open Source Git Server |
Affected:
0 , ≤ 1.26.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28740",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-07T13:47:46.184675Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T16:58:26.934Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThanOrEqual": "1.26.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "m2hcz"
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack Code-unit access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:19:39.687Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-2m9v-5q2g-58vq"
},
{
"name": "GitHub Pull Request #38050",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/38050"
},
{
"name": "Gitea v1.26.3 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.26.3"
},
{
"name": "Gitea v1.26.4 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.26.3-and-1.26.4/"
}
],
"title": "Gitea LFS object reuse bypasses Code-unit authorization",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-28740",
"datePublished": "2026-07-03T20:19:39.687Z",
"dateReserved": "2026-03-03T03:25:59.982Z",
"dateUpdated": "2026-07-07T16:58:26.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28736 (GCVE-0-2026-28736)
Vulnerability from cvelistv5 – Published: 2026-04-03 13:25 – Updated: 2026-04-03 14:54 Unsupported When Assigned- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://github.com/mattermost-community/focalboard | product |
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Focalboard |
Affected:
0 , ≤ 8.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28736",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-03T14:53:54.422014Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T14:54:37.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Focalboard",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "8.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Siam Thanat Hack Company Limited"
}
],
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This allows an authenticated attacker who knows a victim\u0027s fileID to read the content of the file. NOTE: Focalboard as a standalone product is not maintained and no fix will be issued."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T13:25:53.399Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"name": "Focalboard Repository (Unmaintained)",
"tags": [
"product"
],
"url": "https://github.com/mattermost-community/focalboard"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Focalboard IDOR in file content endpoint allows cross-user file access (unsupported product, no fix)"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2026-28736",
"datePublished": "2026-04-03T13:25:53.399Z",
"dateReserved": "2026-04-03T13:10:59.177Z",
"dateUpdated": "2026-04-03T14:54:37.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28696 (GCVE-0-2026-28696)
Vulnerability from cvelistv5 – Published: 2026-03-04 16:21 – Updated: 2026-03-04 18:00- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://github.com/craftcms/cms/security/advisori… | x_refsource_CONFIRM |
| https://github.com/craftcms/cms/commit/4d98a07e47… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28696",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T18:00:48.225156Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T18:00:59.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cms",
"vendor": "craftcms",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0-RC1, \u003c 4.17.0-beta.1"
},
{
"status": "affected",
"version": "\u003e= 5.0.0-RC1, \u003c 5.9.0-beta.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the GraphQL directive @parseRefs, intended to parse internal reference tags (e.g., {user:1:email}), can be abused by both authenticated users and unauthenticated guests (if a Public Schema is enabled) to access sensitive attributes of any element in the CMS. The implementation in Elements::parseRefs fails to perform authorization checks, allowing attackers to read data they are not authorized to view. This vulnerability is fixed in 4.17.0-beta.1 and 5.9.0-beta.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T16:21:43.199Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/craftcms/cms/security/advisories/GHSA-7x43-mpfg-r9wj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/craftcms/cms/security/advisories/GHSA-7x43-mpfg-r9wj"
},
{
"name": "https://github.com/craftcms/cms/commit/4d98a07e47580f1712095825d3e3c4d67bc9f8b9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/craftcms/cms/commit/4d98a07e47580f1712095825d3e3c4d67bc9f8b9"
}
],
"source": {
"advisory": "GHSA-7x43-mpfg-r9wj",
"discovery": "UNKNOWN"
},
"title": "Craft affected by IDOR via GraphQL @parseRefs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28696",
"datePublished": "2026-03-04T16:21:43.199Z",
"dateReserved": "2026-03-02T21:43:19.928Z",
"dateUpdated": "2026-03-04T18:00:59.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28503 (GCVE-0-2026-28503)
Vulnerability from cvelistv5 – Published: 2026-03-26 18:55 – Updated: 2026-03-27 13:58- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://github.com/TandoorRecipes/recipes/securit… | x_refsource_CONFIRM |
| https://github.com/TandoorRecipes/recipes/release… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| TandoorRecipes | recipes |
Affected:
< 2.6.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28503",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T13:47:43.517185Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:58:12.010Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "recipes",
"vendor": "TandoorRecipes",
"versions": [
{
"status": "affected",
"version": "\u003c 2.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the `SyncViewSet.query_synced_folder()` action in `cookbook/views/api.py` (line 903) fetches a Sync object using `get_object_or_404(Sync, pk=pk)` without including `space=request.space` in the filter. This allows an admin user in Space A to trigger sync operations (Dropbox/Nextcloud/Local import) on Sync configurations belonging to Space B, and view the resulting sync logs. Version 2.6.0 patches the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T18:55:53.094Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-6qpw-gwcq-68fv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-6qpw-gwcq-68fv"
},
{
"name": "https://github.com/TandoorRecipes/recipes/releases/tag/2.6.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TandoorRecipes/recipes/releases/tag/2.6.0"
}
],
"source": {
"advisory": "GHSA-6qpw-gwcq-68fv",
"discovery": "UNKNOWN"
},
"title": "Tandoor Recipes has Cross-Space IDOR in SyncViewSet.query_synced_folder: missing space scoping on get_object_or_404"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28503",
"datePublished": "2026-03-26T18:55:53.094Z",
"dateReserved": "2026-02-27T20:57:47.709Z",
"dateUpdated": "2026-03-27T13:58:12.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28469 (GCVE-0-2026-28469)
Vulnerability from cvelistv5 – Published: 2026-03-05 21:59 – Updated: 2026-03-09 18:02- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://github.com/openclaw/openclaw/security/adv… | vendor-advisory |
| https://github.com/openclaw/openclaw/commit/61d59… | patch |
| https://www.vulncheck.com/advisories/openclaw-cro… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28469",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T18:01:17.718430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T18:02:19.456Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.2.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.2.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Vincent Koc (@vincentkoc)"
}
],
"datePublic": "2026-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOpenClaw versions prior to 2026.2.14 contain a webhook routing vulnerability in the Google Chat monitor component that allows cross-account policy context misrouting when multiple webhook targets share the same HTTP path. Attackers can exploit first-match request verification semantics to process inbound webhook events under incorrect account contexts, bypassing intended allowlists and session policies.\u003c/p\u003e"
}
],
"value": "OpenClaw versions prior to 2026.2.14 contain a webhook routing vulnerability in the Google Chat monitor component that allows cross-account policy context misrouting when multiple webhook targets share the same HTTP path. Attackers can exploit first-match request verification semantics to process inbound webhook events under incorrect account contexts, bypassing intended allowlists and session policies."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T16:38:21.343Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-rq6g-px6m-c248)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rq6g-px6m-c248"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/61d59a802869177d9cef52204767cd83357ab79e"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.2.14 - Cross-Account Policy Context Misrouting via Shared Webhook Path Ambiguity",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-cross-account-policy-context-misrouting-via-shared-webhook-path-ambiguity"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenClaw \u003c 2026.2.14 - Cross-Account Policy Context Misrouting via Shared Webhook Path Ambiguity",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-28469",
"datePublished": "2026-03-05T21:59:45.613Z",
"dateReserved": "2026-02-27T19:19:10.890Z",
"dateUpdated": "2026-03-09T18:02:19.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28444 (GCVE-0-2026-28444)
Vulnerability from cvelistv5 – Published: 2026-05-22 16:00 – Updated: 2026-05-22 16:44- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://github.com/baptisteArno/typebot.io/securi… | x_refsource_CONFIRM |
| https://github.com/baptisteArno/typebot.io/commit… | x_refsource_MISC |
| https://github.com/baptisteArno/typebot.io/releas… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| baptisteArno | typebot.io |
Affected:
< 3.16.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28444",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-22T16:42:43.239389Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T16:44:17.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "typebot.io",
"vendor": "baptisteArno",
"versions": [
{
"status": "affected",
"version": "\u003c 3.16.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verifying that the result belongs to the authorized typebot, leading to IDOR. An authenticated attacker can supply their own typebotId alongside any victim\u0027s resultId to read execution logs from other workspaces, leaking sensitive data including HTTP response bodies, AI model outputs, and webhook payloads. Every other result-scoped endpoint in the same router properly validates that the resultId belongs to the authorized typebotId. This confirms the missing check is an oversight, not a design choice. This issue has been fixed in version 3.15.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T16:00:58.147Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-c63p-mqx5-75r7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-c63p-mqx5-75r7"
},
{
"name": "https://github.com/baptisteArno/typebot.io/commit/d82b2d47c86ae614a08d4073c669ca64442faff2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baptisteArno/typebot.io/commit/d82b2d47c86ae614a08d4073c669ca64442faff2"
},
{
"name": "https://github.com/baptisteArno/typebot.io/releases/tag/v3.16.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baptisteArno/typebot.io/releases/tag/v3.16.0"
}
],
"source": {
"advisory": "GHSA-c63p-mqx5-75r7",
"discovery": "UNKNOWN"
},
"title": "Typebot: IDOR in Result Logs Endpoint Allows Cross-Workspace Data Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28444",
"datePublished": "2026-05-22T16:00:58.147Z",
"dateReserved": "2026-02-27T15:54:05.140Z",
"dateUpdated": "2026-05-22T16:44:17.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28433 (GCVE-0-2026-28433)
Vulnerability from cvelistv5 – Published: 2026-03-09 21:21 – Updated: 2026-03-10 14:44| URL | Tags |
|---|---|
| https://github.com/misskey-dev/misskey/security/a… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| misskey-dev | misskey |
Affected:
>= 10.93.0, < 2026.3.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28433",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T14:43:55.587966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T14:44:15.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "misskey",
"vendor": "misskey-dev",
"versions": [
{
"status": "affected",
"version": "\u003e= 10.93.0, \u003c 2026.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users\u0027 data due to lack of ownership validation. The impact of this vulnerability is estimated to be relatively low, as bad actors would require the ID corresponding to the target file for import. This vulnerability is fixed in 2026.3.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T21:21:06.403Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/misskey-dev/misskey/security/advisories/GHSA-g6hj-33h7-6fq8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/misskey-dev/misskey/security/advisories/GHSA-g6hj-33h7-6fq8"
}
],
"source": {
"advisory": "GHSA-g6hj-33h7-6fq8",
"discovery": "UNKNOWN"
},
"title": "Misskey lacks resource ownership validation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28433",
"datePublished": "2026-03-09T21:21:06.403Z",
"dateReserved": "2026-02-27T15:54:05.138Z",
"dateUpdated": "2026-03-10T14:44:15.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Mitigation
Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Mitigation
Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
No CAPEC attack patterns related to this CWE.