Authorization Bypass Vulnerability in FlaskBB Forum Software
CVE-2026-22659
7.2HIGH
What is CVE-2026-22659?
FlaskBB versions prior to 2.2.0 are vulnerable to an authorization bypass issue that permits registered moderators to perform unauthorized actions on forum topics not under their control. By crafting requests with manipulated topic ID lists, attackers can exploit the vulnerability by including a low-ID topic from a permitted forum, thus circumventing permission checks for subsequent topics. This allows unauthorized modifications such as locking, unlocking, deleting, or hiding topics across unmoderated forums, posing a significant risk to forum integrity.
Affected Version(s)
flaskbb 0 <= 2.2.0
flaskbb 0 <= 2.2.0
flaskbb https://github.com/flaskbb/flaskbb/commit/a5da9a52
