PT-2026-53669 · Its A Feature · Mythic

George Chen · Published 2026-06-29 · Updated 2026-06-29 · CVE-2026-57951

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Mythic before 3.4.0.60 contains a broken Hasura permission filter on the payload build step table with an always-satisfied or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payload build step to read step stdout, step stderr, step name, and step description across all operations on the server.
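One way to audit exported Hasura metadata for this class of flaw, as an added example that is not Mythic's code or its actual filter: it flags any select-permission `_or` that contains a branch matching every row. The table, role, column and session-variable names in the sample are constructed, and the check covers only `{}`, `_and` and `_or`, treating everything else as data-dependent.

```python
# Added example: flag Hasura select-permission filters whose _or can never restrict rows.
# Table, role and session-variable names below are constructed, not Mythic's metadata.

def always_true(expr):
    """True if a Hasura boolean expression matches every row."""
    if expr == {}:                      # Hasura evaluates the empty expression as true
        return True
    if not isinstance(expr, dict):
        return False
    return all(_key_always_true(k, v) for k, v in expr.items())  # keys are AND-ed

def _key_always_true(key, value):
    if key == "_and":
        return all(always_true(e) for e in value)
    if key == "_or":
        return any(always_true(e) for e in value)
    return False  # column/relationship comparisons and _not: treated as data-dependent

def find_open_or(expr, path="filter"):
    """Yield the path of every _or list that contains an always-true branch."""
    if isinstance(expr, dict):
        for key, value in expr.items():
            here = f"{path}.{key}"
            if key == "_or" and any(always_true(b) for b in value):
                yield here
            yield from find_open_or(value, here)
    elif isinstance(expr, list):
        for i, item in enumerate(expr):
            yield from find_open_or(item, f"{path}[{i}]")

def audit(tables):
    """Return (table, role, path) for each select permission with an open _or."""
    findings = []
    for t in tables:
        for perm in t.get("select_permissions", []):
            for path in find_open_or(perm["permission"].get("filter", {})):
                findings.append((t["table"]["name"], perm["role"], path))
    return findings

SCOPED = {"operation_id": {"_eq": "X-Hasura-Example-Operation-Id"}}
SAMPLE_TABLES = [  # constructed metadata in Hasura's exported-table shape
    {"table": {"schema": "public", "name": "example_build_log"},
     "select_permissions": [
         {"role": "operator", "permission": {"columns": ["stdout"], "filter": SCOPED}},
         {"role": "spectator", "permission": {"columns": ["stdout"],
                                              "filter": {"_or": [SCOPED, {}]}}},
     ]},
]

if __name__ == "__main__":
    for table, role, path in audit(SAMPLE_TABLES):
        print(f"{table}: role {role!r} has an always-satisfied branch at {path}")
```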

Fix

Incorrect Authorization


Weakness Enumeration

Related identifiers

CVE-2026-57951

Affected products

Mythic