{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/broken-access-control/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["paperclip","broken-access-control","cross-tenant"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA critical vulnerability exists in Paperclip, specifically affecting instances running in authenticated mode with open sign-ups enabled. This flaw allows any authenticated user, even without any company memberships, to mint API tokens for agents belonging to other companies. This is due to the absence of \u003ccode\u003eassertCompanyAccess\u003c/code\u003e checks on the \u003ccode\u003e/api/agents/:id/keys\u003c/code\u003e endpoint and other agent lifecycle management endpoints. An attacker can exploit this to gain unauthorized access to sensitive information within the victim tenant, including company metadata, issues, approvals, agent configurations, and adapter settings. The vulnerability was verified on Paperclip version 2026.411.0-canary.8 (commit b649bd4), which is post the 2026.410.0 patch that addressed a related issue. This vulnerability poses a significant risk to multi-tenant Paperclip deployments.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker signs up for a Paperclip account using the default \u003ccode\u003e/api/auth/sign-up/email\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eAttacker verifies their account and confirms they have no company memberships via \u003ccode\u003eGET /api/companies\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAttacker identifies the ID of a target agent belonging to a different company, potentially through activity feeds or other exposed APIs.\u003c/li\u003e\n\u003cli\u003eAttacker sends a \u003ccode\u003ePOST\u003c/code\u003e request to \u003ccode\u003e/api/agents/:id/keys\u003c/code\u003e with a desired name for the API key, targeting the victim agent\u0026rsquo;s ID.\u003c/li\u003e\n\u003cli\u003eThe server responds with a \u003ccode\u003e201\u003c/code\u003e status code, returning a plaintext \u003ccode\u003epcp_*\u003c/code\u003e token. No company access check is performed at this stage.\u003c/li\u003e\n\u003cli\u003eAttacker uses the stolen token as a \u003ccode\u003eBearer\u003c/code\u003e credential in subsequent API requests.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eactorMiddleware\u003c/code\u003e resolves the token to an actor with the victim\u0026rsquo;s company ID, bypassing authorization checks.\u003c/li\u003e\n\u003cli\u003eAttacker can now access sensitive information such as company metadata, issues, approvals, and agent configurations via API endpoints like \u003ccode\u003e/api/companies/:victimId\u003c/code\u003e, \u003ccode\u003e/api/companies/:victimId/issues\u003c/code\u003e, and \u003ccode\u003e/api/agents/:victimAgentId\u003c/code\u003e. They can also pause, terminate, or delete the agent using other vulnerable endpoints.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis vulnerability allows for a complete bypass of tenancy boundaries in Paperclip. The impact includes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eConfidentiality:\u003c/strong\u003e Unauthorized access to sensitive company data, including metadata, issues, approvals, agent configurations, and adapter settings.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eIntegrity:\u003c/strong\u003e Ability to manipulate agent configurations and trigger actions within the victim tenant, potentially leading to data breaches or malicious activities.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAvailability:\u003c/strong\u003e Ability to pause, terminate, or delete agents belonging to other companies, disrupting their operations.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe severity is high due to the ease of exploitation, default configurations, and the persistence of the stolen tokens. The vulnerability affects all Paperclip instances running in \u003ccode\u003eauthenticated\u003c/code\u003e mode with open sign-up enabled.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the suggested fix provided in the advisory to \u003ccode\u003eserver/src/routes/agents.ts\u003c/code\u003e by implementing company access checks (\u003ccode\u003eassertCompanyAccess\u003c/code\u003e) for the \u003ccode\u003e/api/agents/:id/keys\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eAudit and apply similar fixes to the sibling lifecycle handlers at \u003ccode\u003e/agents/:id/pause\u003c/code\u003e, \u003ccode\u003e/resume\u003c/code\u003e, \u003ccode\u003e/terminate\u003c/code\u003e, and \u003ccode\u003eDELETE /agents/:id\u003c/code\u003e as these share the same vulnerability.\u003c/li\u003e\n\u003cli\u003eConduct a code-wide sweep for \u003ccode\u003eassertBoard(req)\u003c/code\u003e calls not immediately followed by \u003ccode\u003eassertCompanyAccess\u003c/code\u003e or \u003ccode\u003eassertInstanceAdmin\u003c/code\u003e to identify and address other potential cross-tenant access issues.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules provided below to your SIEM and tune for your environment to detect unauthorized token minting and API access.\u003c/li\u003e\n\u003cli\u003eMonitor Paperclip server logs for unusual API requests to \u003ccode\u003e/api/agents/:id/keys\u003c/code\u003e from users without company memberships.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-17T12:00:00Z","date_published":"2026-04-17T12:00:00Z","id":"/briefs/2026-04-paperclip-agent-token-minting/","summary":"A vulnerability in Paperclip allows any authenticated user to mint agent API tokens for other tenants, leading to unauthorized access and control due to missing company access checks.","title":"Paperclip Cross-Tenant Agent API Token Minting Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-paperclip-agent-token-minting/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["privilege-escalation","broken-access-control","web-application"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe wger application exposes a global configuration edit endpoint at \u003ccode\u003e/config/gym-config/edit\u003c/code\u003e that is vulnerable to broken access control. The vulnerability exists because the \u003ccode\u003eGymConfigUpdateView\u003c/code\u003e uses the wrong mixin (\u003ccode\u003eWgerFormMixin\u003c/code\u003e instead of \u003ccode\u003eWgerPermissionMixin\u003c/code\u003e), preventing proper enforcement of the \u003ccode\u003econfig.change_gymconfig\u003c/code\u003e permission. This allows a low-privileged authenticated user to modify the global \u003ccode\u003eGymConfig\u003c/code\u003e singleton (pk=1), triggering server-side side effects via the \u003ccode\u003eGymConfig.save()\u003c/code\u003e method. This vertical privilege escalation allows unauthorized modification of installation-wide state and bulk updates to other users’ records, violating the intended administrative trust boundary. The vulnerability affects wger versions 2.1 and earlier.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker authenticates to the wger application with a low-privileged user account.\u003c/li\u003e\n\u003cli\u003eThe attacker navigates to the global configuration edit endpoint at \u003ccode\u003e/config/gym-config/edit\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe server processes the request via the \u003ccode\u003eGymConfigUpdateView\u003c/code\u003e which inherits from \u003ccode\u003eWgerFormMixin\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWgerFormMixin\u003c/code\u003e attempts to perform ownership checks but fails because \u003ccode\u003eGymConfig\u003c/code\u003e does not implement \u003ccode\u003eget_owner_object()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe application allows the attacker to modify the \u003ccode\u003edefault_gym\u003c/code\u003e setting.\u003c/li\u003e\n\u003cli\u003eThe attacker submits the form with a modified \u003ccode\u003edefault_gym\u003c/code\u003e value.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eGymConfig.save()\u003c/code\u003e method is called, updating \u003ccode\u003eUserProfile\u003c/code\u003e records with a gym set to null.\u003c/li\u003e\n\u003cli\u003eThe attacker has successfully modified installation-wide configuration, potentially bulk-updating user records and violating administrative trust boundaries.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows a low-privileged user to escalate privileges and modify global configuration settings. This could lead to unauthorized modification of user profiles and tenant assignments, affecting new registrations and existing users lacking a gym. On deployments with multiple gyms, this vulnerability can result in widespread data manipulation and a violation of the intended administrative trust boundary. The vulnerability affects wger deployments, impacting organizations that rely on the application for managing fitness and exercise data.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the recommended fix by ensuring permission enforcement runs before the form dispatch. Implement the suggested code change in \u003ccode\u003ewger/config/views/gym_config.py\u003c/code\u003e using the project mixin by updating the inheritance order: \u003ccode\u003eclass GymConfigUpdateView(WgerPermissionMixin, WgerFormMixin, UpdateView):\u003c/code\u003e as described in the advisory.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;wger GymConfig Update by Low-Privilege User\u0026rdquo; to detect unauthorized modification of the GymConfig object via the \u003ccode\u003e/config/gym-config/edit\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for POST requests to the \u003ccode\u003e/config/gym-config/edit\u003c/code\u003e endpoint originating from low-privileged user accounts, using the URL as an indicator.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-16T01:35:16Z","date_published":"2026-04-16T01:35:16Z","id":"/briefs/2024-01-09-wger-privesc/","summary":"The wger application has a broken access control vulnerability in the global gym configuration update endpoint, allowing low-privileged authenticated users to modify installation-wide configuration settings and escalate privileges.","title":"wger Broken Access Control in Global Gym Configuration Update Endpoint","url":"https://feed.craftedsignal.io/briefs/2024-01-09-wger-privesc/"},{"_cs_actors":[],"_cs_cves":[{"cvss":9.9,"id":"CVE-2026-39355"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["broken-access-control","php","genealogy","CVE-2026-39355"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eGenealogy is a family tree PHP application that, prior to version 5.9.1, contained a critical broken access control vulnerability identified as CVE-2026-39355. This flaw allows any authenticated user to transfer ownership of non-personal teams to themselves without proper authorization checks. This unauthorized ownership transfer leads to complete takeover of other users’ team workspaces, granting the attacker unrestricted access to all genealogy data associated with the compromised team. This vulnerability poses a significant risk to data confidentiality and integrity within organizations using affected versions of the Genealogy application. Version 5.9.1 addresses and resolves this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker authenticates to the Genealogy application with valid user credentials.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies a target \u0026ldquo;team\u0026rdquo; within the application that is not their own.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request to the application\u0026rsquo;s team ownership transfer functionality, specifying the target team and the attacker\u0026rsquo;s user ID as the new owner.\u003c/li\u003e\n\u003cli\u003eDue to the broken access control vulnerability (CVE-2026-39355), the application fails to validate the attacker\u0026rsquo;s authorization to perform the ownership transfer.\u003c/li\u003e\n\u003cli\u003eThe application incorrectly updates the team\u0026rsquo;s ownership data, assigning ownership to the attacker.\u003c/li\u003e\n\u003cli\u003eThe attacker now possesses full administrative control over the compromised team\u0026rsquo;s workspace and data.\u003c/li\u003e\n\u003cli\u003eThe attacker accesses and exfiltrates sensitive genealogy data, including family trees, personal information, and other confidential records.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-39355 allows an attacker to gain complete control over targeted teams within the Genealogy application. This leads to unauthorized access to sensitive genealogy data, potentially impacting all users and families represented within the compromised teams. The impact includes data exfiltration, modification, or deletion, potentially causing significant reputational damage and legal liabilities. While the exact number of affected installations is unknown, all organizations running versions prior to 5.9.1 are vulnerable.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately upgrade the Genealogy application to version 5.9.1 or later to patch CVE-2026-39355.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious POST requests to team management endpoints, specifically those related to team ownership transfer. Use the provided Sigma rule \u003ccode\u003eDetect Suspicious Genealogy Team Ownership Transfer\u003c/code\u003e to detect unauthorized attempts.\u003c/li\u003e\n\u003cli\u003eImplement strict access control policies within the Genealogy application, ensuring that users can only access and modify data related to teams they are authorized to manage.\u003c/li\u003e\n\u003cli\u003eEnable detailed logging for all user authentication and authorization events within the Genealogy application to facilitate incident investigation.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-07T19:16:46Z","date_published":"2026-04-07T19:16:46Z","id":"/briefs/2026-04-genealogy-acl/","summary":"A critical broken access control vulnerability (CVE-2026-39355) in Genealogy PHP application versions prior to 5.9.1 allows authenticated users to transfer ownership of arbitrary teams, leading to complete takeover of team workspaces and unrestricted data access.","title":"Genealogy PHP Application Broken Access Control Vulnerability (CVE-2026-39355)","url":"https://feed.craftedsignal.io/briefs/2026-04-genealogy-acl/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.7,"id":"CVE-2026-34222"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["broken-access-control","web-application","privilege-escalation"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOpen WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.11, a broken access control vulnerability, identified as CVE-2026-34222, exists within the application concerning tool values. An authenticated user with low privileges could potentially manipulate these tool values, leading to unintended functionality or unauthorized access to sensitive configurations. The vulnerability was reported by GitHub, Inc. and patched in version 0.8.11. Exploitation requires an existing user account. The impact could allow an attacker to reconfigure the AI platform or access unauthorized tools.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains a low-privileged account on the Open WebUI platform, either by registering an account if allowed or compromising an existing user.\u003c/li\u003e\n\u003cli\u003eThe attacker analyzes the Open WebUI web application to identify the API endpoints or data structures used to manage \u0026ldquo;tool values.\u0026rdquo;\u003c/li\u003e\n\u003cli\u003eThe attacker crafts malicious HTTP requests targeting the \u0026ldquo;tool values\u0026rdquo; API endpoint, attempting to modify a tool value associated with a higher-privileged function or user.\u003c/li\u003e\n\u003cli\u003eDue to the broken access control, the application fails to properly validate if the attacker\u0026rsquo;s account has the authorization to modify the target tool value.\u003c/li\u003e\n\u003cli\u003eThe attacker successfully modifies the tool value.\u003c/li\u003e\n\u003cli\u003eThe attacker triggers the functionality associated with the modified tool value.\u003c/li\u003e\n\u003cli\u003eThe application executes the functionality with the modified tool value, potentially granting the attacker unauthorized access.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages this access to escalate privileges within the system, for example, by executing commands with elevated permissions or accessing sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker with a low-privileged account to bypass intended access controls within the Open WebUI platform. This could allow unauthorized modifications to the AI platform\u0026rsquo;s configuration, access to restricted tools or features, and potentially lead to complete compromise of the system. The CVE has a CVSS v3.1 score of 7.7, indicating a high severity. The number of potential victims is dependent on the deployment size of vulnerable Open WebUI instances.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Open WebUI to version 0.8.11 or later to patch the CVE-2026-34222 vulnerability.\u003c/li\u003e\n\u003cli\u003eImplement the Sigma rule \u0026ldquo;Detect Open WebUI Tool Value Modification\u0026rdquo; to monitor for suspicious activity related to tool value changes.\u003c/li\u003e\n\u003cli\u003eReview and enforce strict access control policies within the Open WebUI application to minimize the impact of potential access control vulnerabilities.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious POST requests to API endpoints associated with tool configuration and management, as indicated in the attack chain.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-01T18:16:29Z","date_published":"2026-04-01T18:16:29Z","id":"/briefs/2026-04-open-webui-access-control/","summary":"A broken access control vulnerability in Open WebUI versions prior to 0.8.11 (CVE-2026-34222) allows authenticated users to potentially access or modify tool values they should not be authorized to, leading to privilege escalation and unauthorized configuration changes.","title":"Open WebUI Broken Access Control Vulnerability (CVE-2026-34222)","url":"https://feed.craftedsignal.io/briefs/2026-04-open-webui-access-control/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["avo"],"_cs_severities":["high"],"_cs_tags":["broken-access-control","privilege-escalation","ruby"],"_cs_type":"advisory","_cs_vendors":["rubygems"],"content_html":"\u003cp\u003eA critical broken access control vulnerability exists within the Avo framework, specifically affecting version 3.x. This vulnerability resides in the \u003ccode\u003eActionsController\u003c/code\u003e and stems from an insecure action lookup mechanism. An authenticated user, regardless of their privilege level, can execute any Action class (descendants of \u003ccode\u003eAvo::BaseAction\u003c/code\u003e) on any resource within the application. This occurs because the system fails to validate whether the requested action is legitimately registered or permitted for the resource context specified in the request. The absence of this verification allows for the circumvention of intended resource-action mappings. Successful exploitation leads to privilege escalation, unauthorized data manipulation, and potential compromise of the application\u0026rsquo;s integrity. It is recommended to upgrade to version 3.31.2 or later, which addresses this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker authenticates to the Avo admin panel with low-level privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies a sensitive action class, such as \u003ccode\u003eAvo::Actions::ToggleAdmin\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies a target record ID, such as a user ID they wish to manipulate.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a POST request to a resource endpoint where the target action is NOT registered (e.g., \u003ccode\u003e/admin/resources/posts/actions\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe POST request includes a payload containing the \u003ccode\u003eaction_id\u003c/code\u003e parameter set to the sensitive action class (\u003ccode\u003eAvo::Actions::ToggleAdmin\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe POST request also includes a \u003ccode\u003efields[avo_resource_ids]\u003c/code\u003e parameter set to the target record ID.\u003c/li\u003e\n\u003cli\u003eDue to the insecure action lookup in \u003ccode\u003eAvo::ActionsController\u003c/code\u003e, the server executes the \u003ccode\u003eToggleAdmin\u003c/code\u003e action on the specified user ID.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s privileges are escalated, or unauthorized data manipulation occurs due to the successful execution of the unintended action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe exploitation of this broken access control vulnerability can have severe consequences. A successful attack can lead to privilege escalation, allowing attackers to gain administrative control over the application. Unauthorized operations can be performed, leading to data breaches or data manipulation. Sensitive actions designed for restricted resources can be triggered against any record ID, potentially compromising the integrity and confidentiality of data. The impact includes unauthorized deletion, archival, or updates to records, causing reputational damage and potential financial losses.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Avo version 3.31.2 or later, which contains the necessary fix to restrict action lookup to registered actions for the current resource context.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Avo Unauthorized Action Execution\u003c/code\u003e to monitor for attempts to execute actions on resources where they are not registered.\u003c/li\u003e\n\u003cli\u003eReview and audit existing Avo action registrations to ensure that actions are appropriately mapped to resources within the application.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-03-avo-broken-access-control/","summary":"Avo framework version 3.x contains a critical Broken Access Control vulnerability in the ActionsController. Due to insecure action lookup logic, an authenticated user can execute any Action class on any resource, even if the action is not registered for that specific resource. This leads to Privilege Escalation and unauthorized data manipulation across the entire application. Version 3.31.2 remediates this issue.","title":"Avo Framework Broken Access Control Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-03-avo-broken-access-control/"}],"language":"en","title":"CraftedSignal Threat Feed — Broken-Access-Control","version":"https://jsonfeed.org/version/1.1"}