CVE-2026-12673

Vulnerability Description

Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in their managed secondary (non-default) group.

Vulnerability Details

Published Date

June 20, 2026

Last Modified

June 20, 2026

CWE ID

CWE-285

Source

NVD

Vendor

liquidfiles

Product

liquidfiles

External References

https://docs.liquidfiles.com/release_notes/version_4-2-x.html
https://projectblack.io/blog/liquidfiles-privilege-escalation/

CVE-2026-12673

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment