PT-2026-1559 · Openflagr · Openflagr

Dreyand

·

Publicado

2026-01-07

·

Atualizado

2026-01-17

·

CVE-2026-0650

CVSS v4.0

9.3

Crítica

VetorAV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions OpenFlagr versions prior to and including 1.1.18
Description The software contains an authentication bypass issue in the HTTP middleware. Improper path normalization within the whitelist logic allows crafted requests to bypass authentication, granting access to protected API endpoints without valid credentials. This unauthorized access could potentially allow modification of feature flags and the export of sensitive data.
Recommendations Update to a version later than 1.1.18.

Exploit

Correção

Missing Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-425CWE-306

Identificadores relacionados

CVE-2026-0650
GHSA-RWP9-5G7Q-73Q3
GO-2026-4286
SUSE-SU-2026:0142-1

Produtos afetados

Openflagr