CVE-2025-26367 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privi…
Medium CVSS: 4.3

CVE-2025-26367

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create arbitrary user groups via crafted HTTP requests.
Vendor
Q-free
Product
Maxtime
CWE
CWE-862
Yayın Tarihi
2025-02-12 14:15:37
Güncelleme
2025-04-10 19:54:17
Source Identifier
prodsec@nozominetworks.com
KEV Date Added
-

Kategoriler

CWE-862 Maxtime MEDIUM Q-free 2025

Referanslar

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26367