CNNVD-202601-3344 Information

CNNVD ID

CNNVD-202601-3344

CVE-2026-23526

  • CNNVD Published: 2026-01-21

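Description (translated from Chinese)

CVAT.ai CVAT is an open-source data-processing tool developed by CVAT.ai. A security vulnerability exists in CVAT.ai CVAT 2.54.0 and earlier versions. It stems from the fact that a user with staff status can freely change their own permissions, which may lead to privilege escalation.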

Description (English)

CVAT.ai CVAT is an open-source data-processing tool from CVAT.ai. CVAT.ai CVAT 2.54.0 and earlier versions contain a security vulnerability: users with staff status can freely change their own permissions, which may lead to privilege escalation.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

CVAT.ai

Published

2026-01-21

Last Modified

2026-02-24

References

https://github.com/cvat-ai/cvat/security/advisories/GHSA-7pvv-w55f-qmw7

https://github.com/cvat-ai/cvat/commit/88ac7aa4d5b52271a30f1aa387c0f5745f8f77d4

https://access.redhat.com/security/cve/cve-2026-23526

Patch

https://github.com/cvat-ai/cvat/releases
