PT-2026-56465 · Blakeblackshear · Frigate
Published
2026-07-08
·
Updated
2026-07-08
·
CVE-2026-54652
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/{service} endpoint allows any authenticated user including the viewer role to download Frigate and nginx logs, exposing auto-generated admin passwords and camera credentials logged in request query strings and enabling viewer-to-admin privilege escalation. A fixed release has not been identified.
Exploit
Fix
Improper Privilege Management
Insertion into Log File
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Frigate