MEDIUM
cvat-ai
CVE published 2026-06-30
CVE-2026-58373
The Computer Vision Annotation Tool (CVAT) contains an improper authorization vulnerability, tracked as CVE-2026-58373, affecting CVAT versions before 2.69.0. This issue allows authenticated attackers to enumerate quality report identifiers belonging to other organizations by exploiting a missing check_object_permissions call on the parent_id query parameter of the quality reports API endpoint. The vulner [truncated]