No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Tue, 14 Jul 2026 02:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 13 Jul 2026 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Flaskbb
Flaskbb flaskbb |
|
| Vendors & Products |
Flaskbb
Flaskbb flaskbb |
Fri, 10 Jul 2026 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | FlaskBB through 2.2.0, fixed in commit acc88cf, contains an authorization bypass vulnerability that allows authenticated moderators to perform unauthorized actions on topics in forums they do not control by submitting crafted topic ID lists. Attackers can include a low-ID topic from a permitted forum as an anchor in a batch request, causing the permission check applied only to the first result to pass, and then execute lock, unlock, delete, or hide actions against topics in unmoderated forums. | |
| Title | FlaskBB Authorization Bypass via Topic ID Manipulation | |
| Weaknesses | CWE-863 | |
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-14T01:41:36.014Z
Reserved: 2026-01-08T19:04:26.364Z
Link: CVE-2026-22659
Updated: 2026-07-14T01:41:31.344Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-13T20:00:05Z