Zerobyte · Zerobyte · CVE-2025-68435
**Name of the Vulnerable Software and Affected Versions**
Zerobyte versions prior to 0.18.5
Zerobyte versions prior to 0.19.0
**Description**
Zerobyte, a backup automation tool, does not correctly apply its authentication middleware to certain API endpoints, so these endpoints can be accessed without valid session credentials. The issue is considered dangerous for instances exposed outside of internal networks.
**Recommendations**
Versions prior to 0.18.5 should be updated to version 0.18.5 or later.
Versions prior to 0.19.0 should be updated to version 0.19.0 or later.
If an immediate upgrade is not possible, restrict network access to the Zerobyte instance to trusted networks using firewall rules or network segmentation.