CVE 9.3 CRITICAL

Authentication bypass for certain API calls_CVE-2026-25660

April 24, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/S:N/AU:Y/R:U/V:C/RE:M/U:Red

Description

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy.
Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permission to any user existing in CodeChecker.

This issue affects CodeChecker: through 6.27.3.

AI Analysis

Authentication bypass vulnerability allowing arbitrary permission assignment to existing users

Basic Information

ID CVE-2026-25660

Source ERIC

Published Apr 24, 2026 at 13:10

Affected Product

Vendor Ericsson

Product CodeChecker

Affected Versions Ericsson CodeChecker 0

CWE Classification

CWE-290 CWE-863

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Ericsson

Product CodeChecker

Version through 6.27.3

References

github.com /Ericsson/codechecker/security/advisories/GHSA-4v9x-cqc5-j645

{
    "lastseen": "",
    "description": "CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. \nAuthentication bypass occurs when the URL ends with Authentication with certain function calls.\u00a0 This bypass allows assigning arbitrary permission to any user existing in CodeChecker.\n\nThis issue affects CodeChecker: through 6.27.3.",
    "published": "2026-04-24T13:10:26.171Z",
    "modified": "2026-04-24T13:10:26.171Z",
    "type": "cve",
    "title": "Authentication bypass for certain API calls",
    "source": "ERIC",
    "references": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-4v9x-cqc5-j645",
    "id": "CVE-2026-25660",
    "bulletinFamily": "",
    "cwe": [
        "CWE-290",
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "Ericsson CodeChecker 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/S:N/AU:Y/R:U/V:C/RE:M/U:Red",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CodeChecker",
    "version": "0",
    "vendor": "Ericsson",
    "ai_description": "Authentication bypass vulnerability allowing arbitrary permission assignment to existing users",
    "ai_severity": "Critical",
    "ai_vendor": "Ericsson",
    "ai_product": "CodeChecker",
    "ai_version": "through 6.27.3",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply