Skip to main content

LibrePhotos CVE-2026-57943

| EUVDEUVD-2026-40161 MEDIUM
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-06-29 disclosure@vulncheck.com GHSA-6649-8h33-mv2c
6.0
CVSS 4.0 · Vendor: vulncheck
Share

Severity by source

Vendor (vulncheck) PRIMARY
6.0 MEDIUM
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.9 MEDIUM

Network-exploitable with authenticated low-privilege access (PR:L) and enumeration requirement (AC:H); high confidentiality, low integrity, no availability impact and no scope change.

3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
4.0 AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (vulncheck).

CVSS VectorVendor: vulncheck

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jun 29, 2026 - 19:01 EUVD
Analysis Generated
Jun 29, 2026 - 18:37 vuln.today

DescriptionCVE.org

LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate shared_to relations without proper owner checks to read arbitrary private photos belonging to other users.

AnalysisAI

Broken object-level authorization (BOLA/IDOR) in LibrePhotos prior to version 1.0.0 allows any authenticated user to read private photos belonging to other users by manipulating shared_to relationship parameters in the SetPhotosShared endpoint without server-side ownership validation. The attack vector is network-accessible and requires only a low-privilege account, delivering high confidentiality impact against victim photo libraries. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to LibrePhotos instance
Delivery
Enumerate target user or photo identifiers via API
Exploit
Craft malicious SetPhotosShared request with victim photo IDs
Execution
Bypass ownership validation on server
Impact
Access victim's private photos

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid authenticated account on the target LibrePhotos instance, corresponding to PR:L in the CVSS vector - unauthenticated exploitation is not possible. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 6.0 reflects network exploitability with a low-privilege authenticated requirement (PR:L) and elevated attack complexity (AC:H), the latter implying that exploitation requires enumerating or guessing valid photo or user identifiers belonging to other accounts. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated user on a shared LibrePhotos instance crafts a POST request to the SetPhotosShared endpoint, substituting the shared_to parameter with photo IDs belonging to another user's private library. Because the server does not verify that the authenticated requester owns the referenced photos, the sharing relationship is written successfully, granting the attacker read access to the victim's private photos. …
Remediation Upgrade to LibrePhotos version 1.0.0 or later, which resolves this authorization bypass via commit 325bd1f5fda71c6d56737aa09cfce0cb8106675a (pull request #1866 at https://github.com/LibrePhotos/librephotos/pull/1866). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-57943 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy