CWE-639 Authorization Bypass Through User-Controlled Key: summary of the 1322 CVE vulnerabilities in this weakness class, with AI-generated analysis in Chinese.
CWE-639 is an authorization-bypass weakness: the system retrieves data using a key value that the user controls, but never verifies that the key belongs to the user making the request. An attacker tampers with the identifier (for example an ID) to read or modify other users' data records directly. Developers should avoid exposing raw keys, using indirect references or session-context verification instead, and strictly check ownership of the resource before every data access, so that unauthorized access is prevented.
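The two mitigations described above, scoping the lookup by the session's user and handing out indirect references instead of raw ids, side by side with the vulnerable lookup. This is an added example, not code from this page or from any of the listed projects; the invoice table, the user ids and the `IndirectRefMap` helper are constructed for illustration, using an in-memory SQLite database.

```python
import secrets
import sqlite3

# Constructed sample data: two users (ids 100 and 200), each owning one invoice.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner_id INTEGER, total REAL)")
    conn.executemany("INSERT INTO invoices VALUES (?, ?, ?)", [(1, 100, 50.0), (2, 200, 75.0)])
    return conn

def get_invoice_vulnerable(conn, invoice_id):
    # CWE-639: the user-controlled id is the only key used for retrieval, so any
    # authenticated user who changes it gets another user's invoice.
    return conn.execute("SELECT id, owner_id, total FROM invoices WHERE id = ?",
                        (invoice_id,)).fetchone()

def get_invoice_owned(conn, current_user_id, invoice_id):
    # Hardened form 1: ownership is part of the query predicate. current_user_id
    # must come from the authenticated session, never from the request.
    return conn.execute("SELECT id, owner_id, total FROM invoices WHERE id = ? AND owner_id = ?",
                        (invoice_id, current_user_id)).fetchone()

class IndirectRefMap:
    """Hardened form 2 (hypothetical helper): per-session map from opaque tokens to
    real ids, so raw ids are never exposed and only objects shown to the user resolve."""
    def __init__(self):
        self._to_id = {}

    def issue(self, real_id):
        token = secrets.token_urlsafe(16)
        self._to_id[token] = real_id
        return token

    def resolve(self, token):
        return self._to_id.get(token)  # None for anything this session never issued

def list_invoice_refs(conn, session, current_user_id):
    # Tokens are issued only for rows returned by the owner-scoped listing.
    rows = conn.execute("SELECT id FROM invoices WHERE owner_id = ?", (current_user_id,)).fetchall()
    return [session.issue(row[0]) for row in rows]

def get_invoice_indirect(conn, session, token):
    real_id = session.resolve(token)
    if real_id is None:
        return None  # tampered or guessed token: nothing to look up
    return conn.execute("SELECT id, owner_id, total FROM invoices WHERE id = ?",
                        (real_id,)).fetchone()
```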
Demonstrative example (C#): the invoice is looked up by the user-supplied id alone, with no check that it belongs to the current user.

```csharp
using System.Data.SqlClient;
...
conn = new SqlConnection(_ConnectionString);
conn.Open();
// The invoice id comes straight from user input and is the only key used to fetch the row.
Int16 id = System.Convert.ToInt16(invoiceID.Text);
SqlCommand query = new SqlCommand("SELECT * FROM invoices WHERE id = @id", conn);
query.Parameters.AddWithValue("@id", id);
// Nothing ties the invoice to the requesting user before it is returned (CWE-639).
SqlDataReader objReader = query.ExecuteReader();
...
```

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-59100 | LobeChat 2.2.9 broken object-level authorization via chat group agent operations — lobehub | 5.0 | Medium | 2026-07-02 |
| CVE-2026-59098 | LobeChat 2.2.9 cross-user document disclosure — lobehub | 6.5 | Medium | 2026-07-02 |
| CVE-2026-58580 | LobeChat 2.2.9 object-level authorization bypass on message sub-resource writes — lobehub | 5.9 | Medium | 2026-07-02 |
| CVE-2026-58653 | PraisonAI unvalidated project_id allows create/update authorization bypass — PraisonAI | 4.3 | Medium | 2026-07-02 |
| CVE-2026-57680 | WordPress Kirki plugin <= 6.0.11 insecure direct object reference (IDOR) — Kirki | 6.5 | Medium | 2026-07-02 |
| CVE-2026-11896 | My Calendar <= 3.7.14 unauthorized sensitive information disclosure — My Calendar – Accessible Event Manager | 5.3 | Medium | 2026-07-02 |
| CVE-2026-12657 | LatePoint <= 5.6.2 unauthenticated IDOR — LatePoint – Calendar Booking Plugin for Appointments and Events | 5.3 | Medium | 2026-07-02 |
| CVE-2026-9188 | Wappointment <= 2.7.6 unauthorized direct object reference — Appointment Bookings for Zoom GoogleMeet and more – Wappointment | 5.3 | Medium | 2026-07-02 |
| CVE-2026-5348 | Academy LMS <= 3.8.1 unauthenticated insecure direct object reference leading to private topic disclosure — Academy LMS – WordPress LMS Plugin for Complete eLearning Solution | 5.3 | Medium | 2026-07-02 |
| CVE-2026-5138 | Foreman improper validation of nested request parameters leading to information disclosure — Red Hat Satellite 6.16 for RHEL 8 | 4.3 | Medium | 2026-07-01 |
| CVE-2026-5135 | Foreman unauthorized modification of host configuration — Red Hat Satellite 6.16 for RHEL 8 | 6.5 | Medium | 2026-07-01 |
| CVE-2026-5142 | Foreman cross-tenant private key disclosure via taxonomy scope bypass — Red Hat Satellite 6.16 for RHEL 8 | 6.5 | Medium | 2026-07-01 |
| CVE-2026-53903 | MCO direct object reference vulnerability — MCO | - | - | 2026-07-01 |
| CVE-2026-10096 | Qi Blocks <= 1.4.9 arbitrary style modification — Qi Blocks | 4.3 | Medium | 2026-07-01 |
| CVE-2026-11988 | LearnPress ≤ 4.3.9.1 unauthorized sensitive information disclosure — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | 6.5 | Medium | 2026-07-01 |
| CVE-2026-12904 | Kadence Blocks <= 3.7.7 unauthorized deletion/read/modification of optimizer data — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | 4.3 | Medium | 2026-07-01 |
| CVE-2026-56230 | Capgo x-limited-key-id header bypasses object-level authorization — Capgo | 8.8 | High | 2026-06-30 |
| CVE-2026-58447 | Invidious missing ownership check allows cross-user playlist video deletion — Invidious | 6.5 | Medium | 2026-06-30 |
| CVE-2026-10140 | Langflow cross-tenant API key reuse and billing fraud — Langflow OSS | 9.6 | Critical | 2026-06-30 |
| CVE-2026-27956 | Coolify cross-team application domain enumeration via the domains_by_server endpoint — coolify | 4.3 | Medium | 2026-06-30 |
| CVE-2026-27883 | Coolify deployment API authorization bypass — coolify | 5.0 | Medium | 2026-06-30 |
| CVE-2026-27881 | Coolify unauthorized information disclosure via GET /api/v1/deployments/{uuid} — coolify | 5.0 | Medium | 2026-06-30 |
| CVE-2026-14209 | Keycloak-admin-ui brute-force users endpoint bypasses permission restrictions — Red Hat Build of Keycloak | 4.3 | Medium | 2026-06-30 |
| CVE-2026-12073 | ProfileGrid <= 5.9.9.5 unauthorized privilege escalation — ProfileGrid – User Profiles, Groups and Communities | 9.8 | Critical | 2026-06-30 |
| CVE-2026-34592 | Coolify unscoped server and project queries leak SSH keys — coolify | 7.7 | High | 2026-06-29 |
| CVE-2026-57498 | Coolify cross-team authorization bypass: Livewire component accepts unbound server_id and destination_uuid, allowing deployment to other teams' servers — coolify | 9.6 | Critical | 2026-06-29 |
| CVE-2026-57956 | SigNoz 0.130.1 cross-organization insecure direct object reference in alert rules — signoz | 6.4 | Medium | 2026-06-29 |
| CVE-2026-57945 | PhotoPrism unauthorized user profile modification via PUT /api/v1/users/{uid} — photoprism | 4.3 | Medium | 2026-06-29 |
| CVE-2026-57943 | LibrePhotos < 1.0.0 insecure direct object reference in the set-photo-sharing endpoint — librephotos | 5.9 | Medium | 2026-06-29 |
| CVE-2026-56781 | Teable projection parameter override leaks hidden fields without authentication — teable | 5.3 | Medium | 2026-06-29 |
CWE-639 (Authorization Bypass Through User-Controlled Key) is a common weakness class; this platform indexes 1322 CVE vulnerabilities associated with it.