PT-2026-6917 · Unknown · Jsbroks Coco Annotator

Nmmorette · Published 2026-02-07 · Updated 2026-02-27 · CVE-2026-2109

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions: jsbroks COCO Annotator versions up to 0.11.1

Description: A flaw exists in jsbroks COCO Annotator that allows for improper authorization. This issue is related to the manipulation of the ID argument within an unknown function of the /api/undo/ file in the Delete Category Handler component. The attack can be initiated remotely, and an exploit is publicly available. The vendor was notified but did not respond.

Recommendations: Versions prior to 0.11.1 should be used.

Exploit

Fix

Improper Authorization

Incorrect Privilege Assignment

Weakness Enumeration

Related Identifiers

CVE-2026-2109

Affected Products

Jsbroks Coco Annotator