Nixpkgs security tracker
Untriaged
Permalink
CVE-2026-33125
7.1 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): LOW
- Availability impact (A): HIGH
Frigate Broken Access Control: Users assigned the viewer role can delete admin and other low-privileged accounts
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In versions 0.16.2 and below, users with the viewer role can delete admin and low-privileged user accounts. Exploitation can lead to DoS and affect data integrity. This issue has been patched in version 0.16.3.
References
-
https://github.com/blakeblackshear/frigate/releases/tag/v0.16.3 x_refsource_MISC
Affected products
frigate
- ==< 0.16.3
Matching in nixpkgs
pkgs.frigate
NVR with realtime local object detection for IP cameras
pkgs.pkgsRocm.frigate
NVR with realtime local object detection for IP cameras
Package maintainers
-
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
-
@presto8 Preston Hunt <me@prestonhunt.com>