{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/ericsson/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-25660"}],"_cs_exploited":false,"_cs_products":["codechecker (\u003c= 6.27.3)"],"_cs_severities":["critical"],"_cs_tags":["authentication-bypass","privilege-escalation","web-application"],"_cs_type":"advisory","_cs_vendors":["Ericsson"],"content_html":"\u003cp\u003eAn authentication bypass vulnerability has been discovered in CodeChecker versions 6.27.3 and earlier. The vulnerability exists due to improper authentication checks when accessing specific API endpoints under the \u003ccode\u003e/Authentication\u003c/code\u003e path. This allows unauthenticated users to execute functions such as \u003ccode\u003egetAuthorisedNames\u003c/code\u003e, \u003ccode\u003egetPermissionsForUser\u003c/code\u003e, \u003ccode\u003ehasPermission\u003c/code\u003e, \u003ccode\u003eaddPermission\u003c/code\u003e, and \u003ccode\u003eremovePermission\u003c/code\u003e with arbitrary arguments. Successful exploitation of this vulnerability can allow an attacker with a CodeChecker user to acquire superuser permissions, leading to complete control over the CodeChecker instance.\nThe issue was reported on May 5, 2026, and a patch is available in version 6.27.4.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a vulnerable CodeChecker instance running a version prior to 6.27.4.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a POST request to a vulnerable endpoint, such as \u003ccode\u003e/v6.27/Authentication@addPermission\u003c/code\u003e, without providing valid authentication credentials.\u003c/li\u003e\n\u003cli\u003eThe attacker includes parameters in the POST request to assign elevated privileges to an existing user account within CodeChecker.\u003c/li\u003e\n\u003cli\u003eThe CodeChecker server, due to the authentication bypass, processes the request without proper authentication checks.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eaddPermission\u003c/code\u003e function is executed, granting the specified user account the requested permissions, potentially including superuser privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker logs in to CodeChecker with the compromised user account.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the newly acquired superuser permissions to perform administrative tasks, such as modifying code analysis rules or accessing sensitive data.\u003c/li\u003e\n\u003cli\u003eThe attacker gains full control over the CodeChecker instance, potentially compromising the security of code analysis and development workflows.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to gain complete control over a CodeChecker instance. An attacker with a CodeChecker user can effectively acquire superuser permissions. This could lead to unauthorized access to sensitive code analysis data, modification of code analysis rules, or the introduction of malicious code into the development pipeline.\nThe number of victims is currently unknown, but any organization using CodeChecker versions 6.27.3 or earlier is potentially affected.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade CodeChecker to version 6.27.4 or later to patch CVE-2026-25660.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect CodeChecker Authentication Bypass Attempt\u003c/code\u003e to your SIEM to detect exploitation attempts by monitoring for unauthorized access attempts to the Authentication API.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for POST requests to \u003ccode\u003e/Authentication\u003c/code\u003e endpoints from unauthenticated users, as highlighted in the example log entries in the overview.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-02T12:00:00Z","date_published":"2024-01-02T12:00:00Z","id":"/briefs/2024-01-codechecker-auth-bypass/","summary":"An authentication bypass vulnerability exists in CodeChecker for certain API calls, allowing unauthenticated users to execute function calls with arbitrary arguments, potentially granting superuser permissions to an attacker.","title":"CodeChecker Authentication Bypass Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-codechecker-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Ericsson","version":"https://jsonfeed.org/version/1.1"}