CVE-2026-33125
Received Received - Intake
Privilege Escalation in Frigate NVR Allows Account Deletion

Publication date: 2026-03-20

Last updated on: 2026-03-20

Assigner: GitHub, Inc.

Description
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In versions 0.16.2 and below, users with the viewer role can delete admin and low-privileged user accounts. Exploitation can lead to DoS and affect data integrity. This issue has been patched in version 0.16.3.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-20
Last Modified
2026-03-20
Generated
2026-06-16
AI Q&A
2026-03-20
EPSS Evaluated
2026-06-14
NVD
CVE-2026-33125
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
frigate frigate to 0.16.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-33125 is a high-severity broken access control vulnerability in the Frigate network video recorder software, specifically in versions 0.16.2 and below.'}, {'type': 'paragraph', 'content': "The vulnerability allows users with the 'viewer' role to delete admin and other user accounts by accessing the DELETE /api/users/admin endpoint, which is improperly accessible even to anonymous users."}, {'type': 'paragraph', 'content': 'This happens because the system fails to enforce proper authorization checks, allowing unauthorized users to perform sensitive actions.'}] [1]

Impact Analysis

Exploitation of this vulnerability can lead to denial of service (DoS) by deleting admin accounts, which disrupts the normal operation of the Frigate system.

It also compromises data integrity by allowing unauthorized modification of user accounts.

Since the attack requires only low privileges (viewer role) and no user interaction, it is relatively easy to exploit remotely.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring access to the DELETE /api/users/admin endpoint, which should be restricted to admin users only. Unauthorized access or deletion attempts by users with the viewer role or anonymous users indicate exploitation.'}, {'type': 'paragraph', 'content': 'You can use network monitoring tools or web server logs to detect suspicious DELETE requests to /api/users/admin from non-admin users.'}, {'type': 'paragraph', 'content': 'Example commands to detect such activity might include:'}, {'type': 'list_item', 'content': "Using grep on server logs to find DELETE requests to the vulnerable endpoint: `grep 'DELETE /api/users/admin' /var/log/frigate/access.log`"}, {'type': 'list_item', 'content': "Using curl to test if the endpoint is accessible without proper admin authorization: `curl -X DELETE http://<frigate-server>/api/users/admin -H 'Authorization: Bearer <viewer-token>'`"}, {'type': 'list_item', 'content': 'Using network packet capture tools like tcpdump or Wireshark to filter HTTP DELETE requests to /api/users/admin.'}] [1]

Mitigation Strategies

The immediate mitigation step is to upgrade Frigate to version 0.16.3 or later, where this vulnerability has been patched.

The patch restricts the DELETE /api/users/admin endpoint to authenticated admin users only by adding proper authorization checks.

Until the upgrade can be applied, restrict network access to the Frigate API to trusted users only and monitor for unauthorized DELETE requests to the /api/users/admin endpoint.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33125. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart