CVE-2026-11852
Deferred Deferred - Pending Action

Debusine Artifact Relationship Permission Bypass

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: Debian GNU/Linux

Description
Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in question.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-10
Last Modified
2026-06-10
Generated
2026-06-30
AI Q&A
2026-06-11
EPSS Evaluated
2026-06-29
NVD
CVE-2026-11852
EUVD
EUVD-2026-35998

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The vulnerability in Debusine allows endpoints that create and delete relationships between artifacts to operate without proper permission checks beyond visibility of the artifacts. This could lead to unauthorized modification of data relationships, potentially impacting data integrity and confidentiality.

Such unauthorized access and modification could pose risks to compliance with standards like GDPR and HIPAA, which require strict controls over data access and integrity to protect personal and sensitive information.

However, the provided information does not explicitly detail the impact on compliance with these regulations.

Executive Summary

The vulnerability in Debusine involves its endpoints that create and delete relationships between artifacts. These endpoints do not enforce any permissions checks beyond verifying that a user can see the artifacts involved. This means that users who can view artifacts may be able to create or delete relationships between them without proper authorization.

Impact Analysis

This vulnerability could allow unauthorized users to manipulate the relationships between artifacts in Debusine. Such unauthorized modifications might lead to integrity issues, incorrect distribution or maintenance of Debian-based distributions, and potential disruption of system operations relying on these artifact relationships.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-11852. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart