CNNVD-202601-4900 Information

CNNVD ID

CNNVD-202601-4900

CVE-2026-23896

  • CNNVD Published: 2026-01-29

Description (Chinese)

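immich is a high-performance self-hosted photo and video management solution from the open-source Immich project. Versions of immich before 2.5.0 contain a security vulnerability: an API key can escalate its own permissions by calling the update endpoint, which may allow a low-privilege API key to gain full administrative access.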

Description (English)

Immich is a high-performance self-hosted photo and video management solution. Versions of immich before 2.5.0 contain a security vulnerability that stems from an API key being able to elevate its own privileges by calling the update endpoint, which may result in a low-privilege API key gaining full administrative access.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Immich

Published

2026-01-29

Last Modified

2026-02-24

References

https://github.com/immich-app/immich/security/advisories/GHSA-237r-x578-h5mv

https://access.redhat.com/security/cve/cve-2026-23896

Patch

https://github.com/immich-app/immich/releases
