CVE-2026-3209 in Pangolin
要約 (英語)
A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.4-s.4 mitigates this issue. The identifier of the patch is 5e37c4e85fae68e756be5019a28ca903b161fdd5. Upgrading the affected component is advised.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
公開
2026年02月26日
ステータス
確認済み
エントリ
VulDB provides additional information and datapoints for this CVE:
| 識別子 | 脆弱性 | CWE | 悪用可 | 対策 | CVE |
|---|---|---|---|---|---|
| 347796 | fosrl Pangolin Role verifyApiKeyRoleAccess 特権昇格 | 284 | 概念実証 | 公式な修正 | CVE-2026-3209 |