CVE-2026-11852
Status: Received - Intake
Debusine Artifact Relationship Permission Bypass

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: Debian GNU/Linux

Description
Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permission checks beyond being able to see the artifacts in question.
Meta Information
Published: 2026-06-10
Last Modified: 2026-06-10
Generated: 2026-06-10
AI Q&A: 2026-06-10
EPSS Evaluated: N/A
Affected Vendors & Products
Currently, no data is known.
CWE ID: CWE-UNKNOWN
Executive Summary

The vulnerability in Debusine involves its endpoints that create and delete relationships between artifacts. These endpoints do not enforce any permission checks beyond verifying that a user can see the artifacts involved. This means that users who can view artifacts may be able to create or delete relationships between them without proper authorization.

Impact Analysis

This vulnerability could allow unauthorized users to manipulate the relationships between artifacts in Debusine. Such unauthorized modifications might lead to integrity issues, incorrect distribution or maintenance of Debian-based distributions, and potential disruption of system operations relying on these artifact relationships.
