Skip to main content

Glb CVE-2026-32388

| EUVDEUVD-2026-11897 MEDIUM
Missing Authorization (CWE-862)
2026-03-13 Patchstack
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

3
EUVD ID Assigned
Mar 13, 2026 - 16:57 euvd
EUVD-2026-11897
Analysis Generated
Mar 13, 2026 - 16:57 vuln.today
CVE Published
Mar 13, 2026 - 11:42 nvd
MEDIUM 5.4

DescriptionCVE.org

Missing Authorization vulnerability in linethemes GLB glb allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GLB: from n/a through <= 1.2.2.

AnalysisAI

Insufficient access control in Linethemes GLB through version 1.2.2 allows authenticated users to bypass security restrictions and gain unauthorized access to restricted resources. An attacker with valid credentials could exploit misconfigured access controls to view or modify sensitive data they should not have permission to access. No patch is currently available for this vulnerability.

Technical ContextAI

The vulnerability stems from CWE-862 (Missing Authorization), a class of defect where the application fails to properly verify user permissions before granting access to sensitive functionality or data. linethemes GLB, identifiable via CPE cpe:2.3:a:linethemes:glb, is affected through version 1.2.2. The root cause involves inadequate enforcement of access control policies at the application layer, meaning authentication (confirming who the user is) is present, but authorization (confirming what they may do) is missing or bypass-able. This typically manifests when role-based or attribute-based access control rules are not consistently applied across all endpoints or functions, allowing a low-privileged authenticated user to access administrative or peer resources.

RemediationAI

Upgrade linethemes GLB to version 1.2.3 or later, which addresses the missing authorization vulnerability. This is the primary remediation path and should be prioritized. Until patching is feasible, implement network-level access controls to restrict GLB instance connectivity to trusted internal networks only, enforce mutual TLS authentication between clients and GLB, and review and strengthen role-based access control (RBAC) configurations within GLB's settings to minimize the scope of actions low-privileged authenticated users can perform. Additionally, enable detailed audit logging of all authorization decisions and periodically review user access rights to detect anomalous permission usage.

Share

CVE-2026-32388 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy