PT-2026-2295 · Lychee · Lychee
Chakradhar1228 · Published 2026-01-12 · Updated 2026-01-12 · CVE-2026-22784
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Lychee versions prior to 7.1.0
Description
Lychee is a free, open-source photo-management tool. A flaw exists in the album password unlock functionality that could allow users to gain unauthorized access to other users' password-protected albums. When a user unlocks a password-protected public album, the system automatically unlocks all other public albums sharing the same password, bypassing authorization controls.
Recommendations
Update to version 7.1.0 or later.
Exploit
Fix
Incorrect Authorization
Affected Products
Lychee