PT-2026-43305 · Bugsink · Bugsink

Nuiifornet

·

Published

2026-05-26

·

Updated

2026-06-05

·

CVE-2026-47715

CVSS v3.1

3.1

Low

VectorAV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions Bugsink versions prior to 2.2.0
Description Bugsink is a self-hosted error tracking tool. A project-boundary authorization issue exists where issue event pages accept a direct event identifier from the URL and retrieve the event without verifying that it belongs to the issue specified in the URL. This allows an authenticated user with access to one project to view event data from another project through an issue they are authorized to access. The affected views include the stacktrace, details, and breadcrumbs pages. Exploitation requires the attacker to possess a valid target event UUID, as there is no path for event enumeration and guessing UUIDs is impractical.
Recommendations Update to version 2.2.0.

Exploit

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-47715
GHSA-VX2F-6M6H-9FRF

Affected Products

Bugsink