← volver
CVE-2026-33125

Frigate Broken Access Control: Users assigned the viewer role can delete admin and other low-privileged accounts

CVSS 7.1 HIGHEPSS 0.2%CWE-285
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In versions 0.16.2 and below, users with the viewer role can delete admin and low-privileged user accounts. Exploitation can lead to DoS and affect data integrity. This issue has been patched in version 0.16.3.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Productos afectados
blakeblackshear · frigate

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/blakeblackshear/frigate/releases/tag/v0.16.3https://github.com/blakeblackshear/frigate/security/advisories/GHSA-vg28-83rp-8xx4