Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 01 Jul 2026 10:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Photoprism
Photoprism photoprism |
|
| Vendors & Products |
Photoprism
Photoprism photoprism |
Mon, 29 Jun 2026 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | PhotoPrism before 260601-a7d098548 contains a broken access control vulnerability that allows authenticated non-admin users to modify other users' profile information by sending requests to arbitrary user endpoints. Attackers can exploit the missing session-to-user identifier validation in the PUT users API endpoint to overwrite another user's profile details without authorization. | |
| Title | PhotoPrism - Unauthorized User Profile Modification via PUT /api/v1/users/{uid} Endpoint | |
| Weaknesses | CWE-639 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-01T14:10:50.754Z
Reserved: 2026-06-26T13:57:16.356Z
Link: CVE-2026-57945
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-01T10:04:02Z