CVE-2026-59258 in immichالمعلومات

الملخص

بحسب MITRE • 15/07/2026

immich before 3.0.3 contains a broken access control vulnerability in the PUT /albums/:id/user/:userId endpoint that allows shared album editors to modify member roles without owner-only restrictions. Attackers with editor access can demote the album owner to editor and promote themselves to owner in sequential requests, gaining full control including deletion and eviction capabilities.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

مسؤول

VulnCheck

حجز

04/07/2026

إفشاء

15/07/2026

الاعتدال

تمت الموافقة

إدخال

VDB-379345

EPSS

0.00000

KEV

لا

النشاطات

منخفض جدًا

المصادر

Might our Artificial Intelligence support you?

Check our Alexa App!