PT-2026-3869 · Cvat · Cvat

Arkmarta

Publicado

2026-01-21

Atualizado

2026-02-17

CVE-2026-23526

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CVAT versions 1.0.0 through 2.54.0

Description CVAT is an open source interactive video and image annotation tool for computer vision. Users with staff status can modify their permissions, including granting themselves superuser status and joining the admin group, which provides full access to the data within the CVAT instance.

Recommendations Versions prior to 2.55.0 should be updated. Review the list of users with staff status and revoke it from any users that are not expected to have superuser privileges as a workaround.

Exploit

Correção

LPE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-267

Identificadores relacionados

CVE-2026-23526

GHSA-7PVV-W55F-QMW7

Produtos afetados

Cvat

PT-2026-3869 · Cvat · Cvat

CVE-2026-23526

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8