Broken Permission Filter in Mythic Affects Data Integrity
CVE-2026-57951

7.1HIGH

Key Information:

Vendor: Its-a-feature
Status: Mythic
Vendor: CVE Published:; 29 June 2026

🔔 Create Its-a-feature Vulnerability Alert

What is CVE-2026-57951?

Mythic versions prior to 3.4.0.60 are susceptible to a vulnerability where an improperly configured permission filter on the payload_build_step table permits authenticated users, including operators and spectators, to bypass security controls. This flaw allows them to access sensitive information such as step_stdout, step_stderr, step_name, and step_description from all operations on the server, potentially compromising data integrity and confidentiality.