Serverless Express

Product: 1 CVE

CVE-2026-4171 MEDIUM POC This Month

CVE-2026-4171 is an authorization bypass vulnerability in CodeGenieApp serverless-express affecting versions up to 4.17.1. Manipulating the userId parameter in the API Endpoint component allows authenticated attackers to access or modify resources belonging to other users. A public proof-of-concept exploit exists, and the vendor has not responded to early disclosure. The vulnerability carries a CVSS score of 6.3, with exploitation rated as Probable (EPSS indicator). It is not currently in CISA KEV, but the combination of public POC availability and low attack complexity represents moderate real-world risk.

Authentication Bypass Serverless Express
NVD VulDB GitHub
CVSS 3.1: 6.3
EPSS: 0.0%