Authorization Bypass in Guohongze Adminset Delivery Deployment Endpoint
CVE-2026-16217
Key Information:
Badges
What is CVE-2026-16217?
A security vulnerability has been identified in the Guohongze Adminset version up to 0.61, specifically within the Delivery Deployment Endpoint's deli.py file. The vulnerability lies in how the project_id argument is processed, potentially allowing unauthorized access. This issue can be exploited remotely, granting attackers the ability to bypass authorization mechanisms unexpectedly. The problem has been publicly disclosed, and despite the project's early notification about the issue, no response has been provided.
Affected Version(s)
adminset 0.1
adminset 0.2
adminset 0.3
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
