CVE-2026-23896 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

immich is a high performance self-hosted photo and video management solution. Prior to version 2.5.0, API keys can escalate their own permissions by calling the…
High CVSS: 7.2

CVE-2026-23896

immich is a high performance self-hosted photo and video management solution. Prior to version 2.5.0, API keys can escalate their own permissions by calling the update endpoint, allowing a low-privilege API key to grant itself full administrative access to the system. Version 2.5.0 fixes the issue.
Vendor
Immich
Product
Immich
CWE
CWE-269
Yayın Tarihi
2026-01-29 18:16:14
Güncelleme
2026-03-10 18:00:28
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-269 Immich HIGH Immich 2026

Referanslar

https://github.com/immich-app/immich/security/advisories/GHSA-237r-x578-h5mv