CVE-2025-26371 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privi…
High CVSS: 8.8

CVE-2025-26371

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add users to groups via crafted HTTP requests.
Vendor
Q-free
Product
Maxtime
CWE
CWE-862
Yayın Tarihi
2025-02-12 14:15:38
Güncelleme
2025-04-10 19:54:12
Source Identifier
prodsec@nozominetworks.com
KEV Date Added
-

Kategoriler

CWE-862 Maxtime HIGH Q-free 2025

Referanslar

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26371