PatchSiren

PelicanPlatform CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL PelicanPlatform CVE published 2026-05-09

CVE-2026-42571

CVE-2026-42571 is a critical access-control flaw in Pelican's Web User Interface (WebUI). In affected releases, a user authenticated to the WebUI via OAuth can escalate to admin privileges under certain configurations. Fixed releases are 7.21.5, 7.22.3, 7.23.3, and 7.24.2.