Back to overview

CVE-2026-61971

LOW
2.7
CVSS 3.1
Description
Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Profile Picture: from n/a through <= 2.6.3.

Metadata

CVE ID
CVE-2026-61971
State
PUBLISHED
Assigner
Patchstack
Reserved
2026-07-13 06:13 UTC
Published
2026-07-13 08:41 UTC
Last updated
2026-07-13 08:41 UTC
Primary CWE
CWE-639
Authorization Bypass Through User-Controlled Key
Vendor / Product
Cozmoslabs / User Profile Picture
Sources
cve.org  ·  NVD

Severity & Metrics

2.7 LOW CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Affected products (1)
VendorProductPlatformVersions
Cozmoslabs User Profile Picture 0 ≤ 2.6.3
Weakness (CWE)
CWESourceDescription
CWE-639 cna Authorization Bypass Through User-Controlled Key
CVSS scores (1)
ScoreSeverityVersionSourceVector
2.7 LOW 3.1 cna CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Back to overview