CVE-2025-26377

Vulnerability Description

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users via crafted HTTP requests.

Vulnerability Details

Published Date

February 12, 2025

Last Modified

October 28, 2025

Source

NVD

CVE-2025-26377

Vulnerability Description

Vulnerability Details

Discussion (0)

Add Comment