CVE-2025-26369

Vulnerability Description

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add privileges to user groups via crafted HTTP requests.

Vulnerability Details

Published Date

February 12, 2025

Last Modified

May 27, 2025

Source

NVD

CVE-2025-26369

Vulnerability Description

Vulnerability Details

Discussion (0)

Add Comment