Bugsink: Issue bulk actions can affect another project’s issue if...

3.1 / 10

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Description

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, In affected versions, the issue list view authorizes access through the project in the URL, but applies the requested bulk action to the submitted issue IDs without also requiring those issues to belong to that project. This vulnerability is fixed in 2.2.0.

Basic Information

ID CVE-2026-47716

Source GitHub_M

Published May 26, 2026 at 16:23

Affected Product

Vendor bugsink

Product bugsink

Version < 2.2.0

Affected Versions bugsink bugsink < 2.2.0

CWE Classification

CWE-639

References

{
    "lastseen": "",
    "description": "Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, In affected versions, the issue list view authorizes access through the project in the URL, but applies the requested bulk action to the submitted issue IDs without also requiring those issues to belong to that project. This vulnerability is fixed in 2.2.0.",
    "published": "2026-05-26T16:23:34.591Z",
    "modified": "2026-05-26T16:23:34.591Z",
    "type": "cve",
    "title": "Bugsink: Issue bulk actions can affect another project\u2019s issue if its UUID is known",
    "source": "GitHub_M",
    "references": "https://github.com/bugsink/bugsink/security/advisories/GHSA-g5vc-q7qc-v939\nhttps://github.com/bugsink/bugsink/releases/tag/2.2.0",
    "id": "CVE-2026-47716",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "bugsink bugsink < 2.2.0",
    "sourceHref": "",
    "cvss": {
        "score": 3.1,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "bugsink",
    "version": "< 2.2.0",
    "vendor": "bugsink",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Bugsink: Issue bulk actions can affect another project’s issue if its UUID is known_CVE-2026-47716