PatchSiren cyber security CVE debrief
CVE-2026-11852 Debian CVE debrief
A medium-severity vulnerability was found in Debusine, an integrated solution for building, distributing, and maintaining Debian-based systems. The issue arises from the lack of proper permission checks in endpoints that manage relationships between artifacts. Specifically, the endpoints responsible for creating and deleting relationships between artifacts only require the ability to see the artifacts in question, without enforcing any additional permissions checks.
- Vendor
- Debian
- Product
- debusine
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-10
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-10
- Advisory updated
- 2026-06-10
Who should care
Users of Debusine, especially those managing Debian-based distributions, should be aware of this vulnerability. Given its medium severity (CVSS score of 6.5), it is advisable for administrators to review and update their installations to mitigate potential risks.
Technical summary
The vulnerability, tracked as CVE-2026-11852, affects Debusine's artifact relationship management. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N, indicating a medium severity level. The weakness associated with this CVE is CWE-862.
Defensive priority
Medium
Recommended defensive actions
- Review and apply patches or updates provided by the Debusine maintainers to address the vulnerability.
- Ensure that proper permission checks are in place for managing artifact relationships.
- Monitor Debusine's official channels for updates and advisories related to this vulnerability.
Evidence notes
The CVE record and details were obtained from official sources, including CVE.org and the National Vulnerability Database (NVD). Additional references include commits and merge requests on the Debusine project page on Salsa.debian.org.
Official resources
CVE-2026-11852 was published on 2026-06-10T10:16:31.350Z and modified on 2026-06-10T20:11:16.543Z.