CVE-2026-16217
MEDIUM
6.3
CVSS 3.1
Description
A security vulnerability has been detected in guohongze adminset up to 0.61. Affected by this vulnerability is an unknown functionality of the file delivery/deli.py of the component Delivery Deployment Endpoint. The manipulation of the argument project_id leads to authorization bypass. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Metadata
Severity & Metrics
6.3
MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| guohongze | adminset | — | 0.1, 0.2, 0.3, 0.4 … |
Weakness (CWE)
CVSS scores (4)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 6.5 | N/D | 2.0 | cna | AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR |
| 6.3 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
| 6.3 | MEDIUM | 3.0 | cna | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
| 5.3 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
References (6)
- VDB-380040 | guohongze adminset Delivery Deployment Endpoint deli.py authorization https://vuldb.com/vuln/380040
- VDB-380040 | CTI Indicators (IOB, IOC, IOA) https://vuldb.com/vuln/380040/cti
- CVE-2026-16217 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-16217
- Submit #857950 | guohongze adminset 6c122c2824e6553b09ebd16a1fa05a593198c5ec CWE-639 Authorization Bypass Through User-Controlled Key https://vuldb.com/submit/857950
- https://github.com/guohongze/adminset/issues/161
- https://github.com/guohongze/adminset/