CNNVD-202601-1228 Information

CNNVD ID

CNNVD-202601-1228

CVE-2026-0650

  • CNNVD Published: 2026-01-07

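Description (translated from Chinese)

flagr is an open-source monitoring service from openflagr. flagr 1.1.18 and earlier contain a security vulnerability caused by improper path normalization in the whitelist logic of the HTTP middleware, which may lead to an authentication bypass.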

Description (English)

flagr is an open-source control service from openflagr. flagr 1.1.18 and earlier versions contain a security vulnerability that stems from improper path normalization in the whitelist logic of the HTTP middleware, which may lead to an authentication bypass.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

openflagr

Published

2026-01-07

Last Modified

2026-02-24

References

https://dreyand.rs/code%20review/golang/2026/01/03/0day-speedrun-openflagr-less-1118-authentication-bypass

https://github.com/openflagr/flagr/releases/tag/1.1.19

https://www.vulncheck.com/advisories/openflagr-authentication-bypass-via-prefix-whitelist-path-normalization

Patch

https://github.com/openflagr/flagr/releases
