CVE-2026-33125

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In versions 0.16.2 and below, users with the viewer role can delete admin and low-privileged user accounts. Exploitation can lead to DoS and affect data integrity. This issue has been patched in version 0.16.3.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/blakeblackshear/frigate/releases/tag/v0.16.3	Release Notes
https://github.com/blakeblackshear/frigate/security/advisories/GHSA-vg28-83rp-8xx4	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:frigate:frigate:*:*:*:*:*:*:*:*

History

20 Mar 2026, 20:01

Type	Values Removed	Values Added
Summary		(es) Frigate es un grabador de vídeo en red (NVR) con detección de objetos local en tiempo real para cámaras IP. En las versiones 0.16.2 e inferiores, los usuarios con el rol de espectador pueden eliminar cuentas de administrador y de usuario con pocos privilegios. La explotación puede conducir a DoS y afectar la integridad de los datos. Este problema ha sido parcheado en la versión 0.16.3.
First Time		Frigate frigate Frigate
CPE		cpe:2.3:a:frigate:frigate::::::::
References	~~() https://github.com/blakeblackshear/frigate/releases/tag/v0.16.3 -~~	() https://github.com/blakeblackshear/frigate/releases/tag/v0.16.3 - Release Notes
References	~~() https://github.com/blakeblackshear/frigate/security/advisories/GHSA-vg28-83rp-8xx4 -~~	() https://github.com/blakeblackshear/frigate/security/advisories/GHSA-vg28-83rp-8xx4 - Exploit, Vendor Advisory

20 Mar 2026, 10:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-20 10:16

Updated : 2026-03-20 20:01

NVD link : CVE-2026-33125

Mitre link : CVE-2026-33125

CVE.ORG link : CVE-2026-33125

JSON object : View

Products Affected

frigate

frigate

CWE

CWE-285

Improper Authorization

{"id": "CVE-2026-33125", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2026-03-20T10:16:19.013", "references": [{"url": "https://github.com/blakeblackshear/frigate/releases/tag/v0.16.3", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-vg28-83rp-8xx4", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-285"}]}], "descriptions": [{"lang": "en", "value": "Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In versions 0.16.2 and below, users with the viewer role can delete admin and low-privileged user accounts. Exploitation can lead to DoS and affect data integrity. This issue has been patched in version 0.16.3."}, {"lang": "es", "value": "Frigate es un grabador de v\u00eddeo en red (NVR) con detecci\u00f3n de objetos local en tiempo real para c\u00e1maras IP. En las versiones 0.16.2 e inferiores, los usuarios con el rol de espectador pueden eliminar cuentas de administrador y de usuario con pocos privilegios. La explotaci\u00f3n puede conducir a DoS y afectar la integridad de los datos. Este problema ha sido parcheado en la versi\u00f3n 0.16.3."}], "lastModified": "2026-03-20T20:01:42.793", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:frigate:frigate:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B744C6E-3CD3-4E1B-86E8-4159D6364293", "versionEndExcluding": "0.16.3"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}