PatchSiren

cvat-ai CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM cvat-ai CVE published 2026-06-30

CVE-2026-58373

The Computer Vision Annotation Tool (CVAT) contains an improper authorization vulnerability, tracked as CVE-2026-58373, affecting CVAT versions before 2.69.0. This issue allows authenticated attackers to enumerate quality report identifiers belonging to other organizations by exploiting a missing check_object_permissions call on the parent_id query parameter of the quality reports API endpoint. The vulner [truncated]