PatchSiren

OpenFlagr CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL OpenFlagr CVE published 2026-01-07

CVE-2026-0650

CVE-2026-0650 is an authentication bypass vulnerability in OpenFlagr versions prior to and including 1.1.18. The vulnerability allows crafted requests to bypass authentication and access protected API endpoints without valid credentials. This may allow modification of feature flags and export of sensitive data. Affected users should apply patches and review their inventory.