LeakyCreds

CVE-2026-25660 - Vulnerability Analysis

Critical | CVSS: 9.8

Last Updated: April 27, 2026

CodeChecker - Authentication Bypass

Published: April 24, 2026 | Updated: April 27, 2026 | Remote Exploitable

Overview

CodeChecker through 6.27.3 contains an authentication bypass caused by a URL ending with Authentication and certain function calls, which lets attackers assign arbitrary permissions to any existing user. Exploitation requires a crafted URL.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 5.4% (Probability of exploitation in next 30 days)

Impact

Attackers can assign arbitrary permissions to any user, potentially leading to full privilege escalation.

Mitigation

Update to the latest version beyond 6.27.3.

Social Media Activity (2 posts)

OffSequence
@offseq
Apr 25, 2026

Ericsson CodeChecker (≤6.27.3) is vulnerable to CRITICAL auth bypass (CVE-2026-25660). Attackers can assign permissions via crafted URLs. Restrict access & monitor for changes. Patch not yet available. https://radar.offseq.com/threat/cve-2026-25660-cwe-290-authentication-bypass-by-sp-881e021f #OffSeq #vulnerability #CodeChecker #infosec


Details

CVE ID: CVE-2026-25660
Severity: Critical
CVSS Score: 9.8
Type: broken_authentication
Status: confirmed
EPSS: 5.4%
Social Posts: 2

CWE

  • CWE-290

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

5.4% (Probability of exploitation in the next 30 days)