Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Lifecycle Timeline
3DescriptionCVE.org
Missing Authorization vulnerability in linethemes GLB glb allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GLB: from n/a through <= 1.2.2.
AnalysisAI
Insufficient access control in Linethemes GLB through version 1.2.2 allows authenticated users to bypass security restrictions and gain unauthorized access to restricted resources. An attacker with valid credentials could exploit misconfigured access controls to view or modify sensitive data they should not have permission to access. No patch is currently available for this vulnerability.
Technical ContextAI
The vulnerability stems from CWE-862 (Missing Authorization), a class of defect where the application fails to properly verify user permissions before granting access to sensitive functionality or data. linethemes GLB, identifiable via CPE cpe:2.3:a:linethemes:glb, is affected through version 1.2.2. The root cause involves inadequate enforcement of access control policies at the application layer, meaning authentication (confirming who the user is) is present, but authorization (confirming what they may do) is missing or bypass-able. This typically manifests when role-based or attribute-based access control rules are not consistently applied across all endpoints or functions, allowing a low-privileged authenticated user to access administrative or peer resources.
RemediationAI
Upgrade linethemes GLB to version 1.2.3 or later, which addresses the missing authorization vulnerability. This is the primary remediation path and should be prioritized. Until patching is feasible, implement network-level access controls to restrict GLB instance connectivity to trusted internal networks only, enforce mutual TLS authentication between clients and GLB, and review and strengthen role-based access control (RBAC) configurations within GLB's settings to minimize the scope of actions low-privileged authenticated users can perform. Additionally, enable detailed audit logging of all authorization decisions and periodically review user access rights to detect anomalous permission usage.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-11897