CVE-2026-25660

EPSS 0.03%

Codechecker has an authentication bypass for certain API calls

Published: 5/5/2026Modified: 5/5/2026

Description

### Summary Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permissions to any existing user in CodeChecker. ### Details The following functions are affected under the Authentication endpoint: `getAuthorisedNames`, `getPermissionsForUser`, `hasPermission`, `addPermission`, and `removePermission`. The vulnerability allows unauthenticated users to execute these function calls with arbitrary arguments. In the logs, the exploit shows as follows: ``` [INFO 2026-04-23 21:23] - 127.0.0.1:42654 -- [Anonymous] POST /v6.67/Authentication@getAuthorisedNames [INFO 2026-04-23 21:23] - 127.0.0.1:42654 -- [Anonymous] POST /v6.67/Authentication@addPermission ``` ### Impact An attacker with a CodeChecker user can effectively acquire superuser permissions by calling these endpoints. ### Patch A patch is available at https://github.com/Ericsson/codechecker/releases/tag/v6.27.4.

Affected packages (1)

PyPI/codecheckerfrom 0, <= 6.27.3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P

Description

Affected packages (1)

CVSS scores

References (3)