CVE-2026-24560
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-23

Last updated on: 2026-04-28

Assigner: Patchstack

Description
Missing Authorization vulnerability in Cloudinary Cloudinary cloudinary-image-management-and-manipulation-in-the-cloud-cdn allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cloudinary: from n/a through <= 3.3.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-23
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-01-23
EPSS Evaluated
2026-06-15
NVD
CVE-2026-24560
EUVD
EUVD-2026-4246
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cloudinary cloudinary_image_management_and_manipulation_in_the_cloud_cdn to 3.3.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-24560 is a Broken Access Control vulnerability in the WordPress Cloudinary Plugin up to version 3.3.0. It occurs due to missing authorization, authentication, or nonce token checks in certain plugin functions, which allows unprivileged users (such as subscribers or developers) to perform actions that normally require higher privileges. [1]

Impact Analysis

This vulnerability can allow users with low privileges to perform unauthorized actions that should be restricted to higher privilege users. However, it has a CVSS severity score of 5.4, indicating a low priority and low impact threat. Exploitation is considered unlikely, but it could potentially lead to unauthorized access or manipulation within the plugin's functionality. [1]

Detection Guidance

There are no specific detection commands or network indicators provided for this vulnerability. Users are advised to monitor for unusual privilege escalations or unauthorized actions within the WordPress Cloudinary Plugin, but no concrete detection methods or commands are detailed. [1]

Mitigation Strategies

Since no official fix or patched version is currently available, immediate mitigation steps include monitoring for updates or mitigations from the vendor, restricting user privileges to minimize risk, and closely observing plugin usage for unauthorized actions. Applying strict access controls and limiting plugin usage to trusted users may help reduce exposure. [1]

Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24560. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart