CVE-2026-27833

CVSS v3.1

7.5

High

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, the pwg.history.search API method in Piwigo is registered without the admin only option, allowing unauthenticated users to access the full browsing history of all gallery visitors. This issue has been patched in version 16.3.0.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2026-27833

Affected Products

Piwigo

CVE-2026-27833

Weakness Enumeration

Related Identifiers

Affected Products

References · 4