CVE 6.1 MEDIUM

SigNoz 0.130.1 – Cross-Organization Insecure Direct Object Reference in Alert Rules_CVE-2026-57956

6.1 / 10
MEDIUM
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N

Description

SigNoz through 0.130.1 contains a broken access control vulnerability that allows authenticated users to access other organizations' alert rules by supplying a target rule UUID, as the alert rule store predicates fail to filter by organization ID. Attackers can read, edit, and delete alert rules belonging to other organizations by exploiting the missing tenant isolation check, bypassing multi-tenant access controls.

Basic Information

ID CVE-2026-57956
Source VulnCheck
Published Jun 29, 2026 at 17:22

Affected Product

Vendor SigNoz
Product signoz
Affected Versions SigNoz signoz 0

CWE Classification

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.