Authorization Flaw in Frigate Network Video Recorder Affects IP Camera Security
CVE-2026-33470

6.5 MEDIUM

Key Information:

CVE Published: 26 March 2026

What is CVE-2026-33470?

In Frigate version 0.17.0, a low-privilege authenticated user who is restricted to a single IP camera can retrieve snapshots from other cameras they are not authorized to access. The vulnerability arises from a two-fold authorization failure: the API endpoints allow unauthorized timeline access, and snapshot retrieval does not properly validate camera access. As a result, such a user could enumerate event IDs from restricted cameras and fetch snapshots of those events, posing significant privacy and security risks. Version 0.17.1 resolves these issues.

Affected Version(s)

frigate = 0.17.0

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
