CVE-2026-25660
Awaiting Analysis
Awaiting Analysis - Queue
BaseFortify
Publication date: 2026-04-24
Last updated on: 2026-04-27
Assigner: Ericsson
Description
Description
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy.
Authentication bypass occurs when the URL ends with Authentication with certain function calls.Β This bypass allows assigning arbitrary permission to any user existing in CodeChecker.
This issue affects CodeChecker: through 6.27.3.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ericsson | codechecker | to 6.27.4 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-290 | This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks. |
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70