CNNVD-202602-1103 Information

Feb 07, 2026 cve

CNNVD ID

CNNVD-202602-1103

CVE-2026-2109

CNNVD Published: 2026-02-07

Description (Chinese)

COCO Annotator是Justin Brooks个人开发者的一个基于网络的图像注释工具。旨在实现多功能性和高效地标记图像。 COCO Annotator 0.11.1及之前版本存在授权问题漏洞，该漏洞源于对组件Delete Category Handler中文件/api/undo/的参数ID的错误操作，可能导致授权不当。

Description (English)

COCO Annotator is a web-based image comment tool for Justin Brooks personal developers. To achieve multifunctional and efficient marking of images. COCO Annotator 0.11.1 and previous versions had a mandate gap, which stemmed from an error in the application of parameter ID of document/api/undo/for component Delete Category Handler, which could lead to improper authorization.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

个人开发者

Published

2026-02-07

Last Modified

2026-02-24

References

https://github.com/nmmorette/vulnerability-research/blob/main/BFLA%20COCO%20Annotator%20in%20DELETE%20api%20undo/BFLA%20COCO%20Annotator%20in%20DELETE%20api%20undo%202f1ef09b8736807aa1f7ede4b64fa35d.md https://vuldb.com/?ctiid.344685 https://vuldb.com/?id.344685 https://vuldb.com/?submit.745579 https://access.redhat.com/security/cve/cve-2026-2109

Share on: