Privilege Escalation Vulnerability in Pelican WebUI
CVE-2026-42571

9 CRITICAL

Key Information:

CVE Published: 9 May 2026

What is CVE-2026-42571?

Pelican, a platform for creating data federations, has a privilege escalation vulnerability in its Web User Interface (WebUI) that affects several versions. Authenticated users who access the WebUI via OAuth can potentially acquire administrative privileges, depending on specific configuration settings. The vulnerability affects versions from 7.21.0 to before 7.21.5, 7.22.0 to before 7.22.3, 7.23.0 to before 7.23.3, and 7.24.0 to before 7.24.2. The issue has been addressed in subsequent releases, including versions 7.21.5, 7.22.3, 7.23.3, and 7.24.2.

Affected Version(s)

pelican >= 7.21.0, < 7.21.5 < 7.21.0, 7.21.5

pelican >= 7.22.0, < 7.22.3 < 7.22.0, 7.22.3

pelican >= 7.23.0, < 7.23.3 < 7.23.0, 7.23.3

CVSS V4

Score: 9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.