CRITICAL
OpenFlagr
CVE published 2026-01-07
CVE-2026-0650
CVE-2026-0650 is an authentication bypass vulnerability in OpenFlagr versions prior to and including 1.1.18. The vulnerability allows crafted requests to bypass authentication and access protected API endpoints without valid credentials. This may allow modification of feature flags and export of sensitive data. Affected users should apply patches and review their inventory.