PT-2026-6917 · Unknown · Jsbroks Coco Annotator

Nmmorette · Published 2026-02-07 · Updated 2026-02-27 · CVE-2026-2109

CVSS v3.1: 8.1 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions
jsbroks COCO Annotator versions up to 0.11.1

Description
A flaw exists in jsbroks COCO Annotator that allows for improper authorization. This issue is related to the manipulation of the ID argument within an unknown function of the /api/undo/ file in the Delete Category Handler component. The attack can be initiated remotely, and an exploit is publicly available. The vendor was notified but did not respond.

Recommendations
Versions prior to 0.11.1 should be used.

Exploit

Fix

Weakness Enumeration
Improper Authorization
Incorrect Privilege Assignment

Related Identifiers
CVE-2026-2109

Affected Products
Jsbroks Coco Annotator