CVE-2026-0650

OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials. Unauthorized access may allow modification of feature flags and export of sensitive data.

CVSS

No CVSS.

References

Link	Resource
https://dreyand.rs/code%20review/golang/2026/01/03/0day-speedrun-openflagr-less-1118-authentication-bypass
https://github.com/openflagr/flagr/releases/tag/1.1.19
https://www.vulncheck.com/advisories/openflagr-authentication-bypass-via-prefix-whitelist-path-normalization

Configurations

No configuration.

History

07 Jan 2026, 12:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-07 12:17

Updated : 2026-01-08 18:08

NVD link : CVE-2026-0650

Mitre link : CVE-2026-0650

CVE.ORG link : CVE-2026-0650

JSON object : View

Products Affected

No product.

CWE

CWE-306

Missing Authentication for Critical Function

CWE-425

Direct Request ('Forced Browsing')

{"id": "CVE-2026-0650", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-07T12:17:07.727", "references": [{"url": "https://dreyand.rs/code%20review/golang/2026/01/03/0day-speedrun-openflagr-less-1118-authentication-bypass", "source": "disclosure@vulncheck.com"}, {"url": "https://github.com/openflagr/flagr/releases/tag/1.1.19", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/openflagr-authentication-bypass-via-prefix-whitelist-path-normalization", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-306"}, {"lang": "en", "value": "CWE-425"}]}], "descriptions": [{"lang": "en", "value": "OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials. Unauthorized access may allow modification of feature flags and export of sensitive data."}], "lastModified": "2026-01-08T18:08:54.147", "sourceIdentifier": "disclosure@vulncheck.com"}