Skip to main content

Frigate EUVDEUVD-2026-42287

| CVE-2026-54652 HIGH
Improper Privilege Management (CWE-269)
2026-07-08 security-advisories@github.com
8.1
CVSS 3.1 · Vendor: github
Share

Severity by source

Vendor (github) PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
vuln.today AI
8.1 HIGH

Network endpoint reachable by any viewer so AV:N/AC:L/PR:L/UI:N; credential disclosure gives C:H and resulting admin takeover gives I:H, while direct availability impact is not demonstrated (A:N).

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (github).

CVSS VectorVendor: github

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 08, 2026 - 15:39 vuln.today

DescriptionCVE.org

Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/{service} endpoint allows any authenticated user including the viewer role to download Frigate and nginx logs, exposing auto-generated admin passwords and camera credentials logged in request query strings and enabling viewer-to-admin privilege escalation. A fixed release has not been identified.

AnalysisAI

{service} endpoint to download raw Frigate and nginx logs. Those logs record request query strings containing auto-generated admin passwords and camera credentials, so a viewer can harvest them and re-authenticate as administrator. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Log in with viewer-role account
Delivery
Request GET /api/logs/nginx and /api/logs/frigate
Exploit
Download raw log files
Execution
Extract admin and camera credentials from query strings
Persist
Authenticate as administrator
Impact
Full control of NVR and cameras

Vulnerability AssessmentAI

Exploitation Exploitation requires one valid authenticated Frigate account at the viewer role or higher plus network reachability to the API - the viewer role suffices because GET /api/logs/{service} authenticates but does not enforce role-based authorization. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score is 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N), and the vector is internally consistent with the description: network-reachable, low complexity, low privileges (a valid viewer account), no user interaction, with high confidentiality and integrity impact from credential theft and subsequent admin takeover. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker holding a viewer-role Frigate account (granted, phished, or guessed) logs in and issues GET /api/logs/nginx and GET /api/logs/frigate. The returned logs contain URL query strings holding the auto-generated admin password and camera credentials; the attacker reads them and re-authenticates as administrator, gaining full control of the NVR and its cameras. …
Remediation No vendor-released patched version has been identified at time of analysis, but an upstream fix is available as commits (68e8afd35c76f05f68de47ee9588d2c91796de4b and bd1fc1cc72cd4fa371464a087cbf3d7f3142edc6 in blakeblackshear/frigate); the released, tagged patched version is not independently confirmed, so monitor the advisory at https://github.com/blakeblackshear/frigate/security/advisories/GHSA-c4qf-xxq4-vf55 and upgrade as soon as a fixed release ships, or build from the patched commits if you can validate them. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: rotate all administrator passwords and camera credentials that may have been logged; restrict network access to the Frigate log download endpoint to administrative networks only. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Nginx

View all
CVE-2013-2028 HIGH POC
7.5 Jul 20

The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cau

CVE-2025-1974 CRITICAL POC
9.8 Mar 25

A critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access

CVE-2013-4547 HIGH POC
7.5 Nov 23

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescap

CVE-2023-50919 CRITICAL POC
9.8 Jan 12

An issue was discovered on GL.iNet devices before version 4.5.0. Rated critical severity (CVSS 9.8), this vulnerability

CVE-2017-7529 HIGH
7.5 Jul 13

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range fi

CVE-2016-0742 HIGH
7.5 Feb 15

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid

CVE-2025-1098 HIGH POC
8.8 Mar 25

Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress

CVE-2025-24514 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres

CVE-2025-1097 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c

CVE-2022-31137 CRITICAL POC
9.8 Jul 08

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Rated critical severity (CVSS 9.8

CVE-2014-3556 MEDIUM
6.8 Dec 29

The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and

CVE-2026-42945 CRITICAL POC
9.2 May 13

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows remote attackers to crash worker

Share

EUVD-2026-42287 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy