CVE-2026-33326

{"id": "CVE-2026-33326", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2026-03-24T20:16:28.043", "references": [{"url": "https://github.com/keystonejs/keystone/security/advisories/GHSA-cgcg-q9jh-5pr2", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Keystone is a content management system for Node.js. Prior to version 6.5.2, {field}.isFilterable access control can be bypassed in findMany queries by passing a cursor. This can be used to confirm the existence of records by protected field values. The fix for CVE-2025-46720 (field-level isFilterable bypass for update and delete mutations) added checks to the where parameter in update and delete mutations however the cursor parameter in findMany was not patched and accepts the same UniqueWhere input type. This issue has been patched in version 6.5.2."}, {"lang": "es", "value": "Keystone es un sistema de gesti\u00f3n de contenido para Node.js. Antes de la versi\u00f3n 6.5.2, el control de acceso {field}.isFilterable puede ser eludido en consultas findMany al pasar un cursor. Esto puede usarse para confirmar la existencia de registros mediante valores de campos protegidos. La correcci\u00f3n para CVE-2025-46720 (elusi\u00f3n de isFilterable a nivel de campo para mutaciones de actualizaci\u00f3n y eliminaci\u00f3n) a\u00f1adi\u00f3 comprobaciones al par\u00e1metro where en las mutaciones de actualizaci\u00f3n y eliminaci\u00f3n; sin embargo, el par\u00e1metro cursor en findMany no fue parcheado y acepta el mismo tipo de entrada UniqueWhere. Este problema ha sido parcheado en la versi\u00f3n 6.5.2."}], "lastModified": "2026-05-04T15:26:15.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:keystonejs:keystone:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "7115F298-5F71-4F46-ADD2-ED8159B278A5", "versionEndExcluding": "6.5.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}