CVE-2026-4171

Name of the Vulnerable Software and Affected Versions CodeGenieApp serverless-express versions through 4.17.1

Description A security issue exists in CodeGenieApp serverless-express up to version 4.17.1. The issue affects functionality within the file examples/lambda-function-url/packages/api/models/TodoList.ts of the API Endpoint component. Manipulation of the userId argument can lead to authorization bypass, and the attack can be carried out remotely. The exploit has been publicly disclosed. The vendor was contacted regarding this disclosure but did not respond.

Recommendations Versions prior to 4.17.1 are recommended.