PatchSiren

chevereto CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM chevereto CVE published 2026-07-07

CVE-2026-55417

CVE-2026-55417 is a vulnerability in Chevereto, a self-hosted media-sharing platform. When a user enables the private profile option, their profile HTML route (/username) correctly returns 404. However, the /json AJAX listing endpoint does not apply the same check. An unauthenticated caller who knows the target's user ID can retrieve all of that user's publicly-scoped images, revealing the username (which [truncated]