CVE-2026-23526

High CVSS: 8.5

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.0.0 through 2.54.0, users that have the staff status may freely change their permissions, including giving themselves superuser status and joining the admin group, which gives them full access to the data in the CVAT instance. Version 2.55.0 fixes the issue. As a workaround, review the list of users with staff status and revoke it from any users that are not expected to have superuser privileges.

Vendor

Cvat

Product

Computer Vision Annotation Tool

CWE

CWE-267

Yayın Tarihi

2026-01-21 22:15:50

Güncelleme

2026-02-20 20:08:27

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-267 Computer Vision Annotation Tool HIGH Cvat 2026

Referanslar

https://github.com/cvat-ai/cvat/commit/88ac7aa4d5b52271a30f1aa387c0f5745f8f77d4 https://github.com/cvat-ai/cvat/security/advisories/GHSA-7pvv-w55f-qmw7

Benzer Kayıtlar

High

CVE-2026-23516

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0…

Medium

CVE-2025-68430

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0…

Medium

CVE-2025-54573

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0…

Medium

CVE-2025-49135

CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 ha…

Medium

CVE-2025-48381

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. In version…

High

CVE-2025-23045

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacke…