CVE-2026-27833: Piwigo: Unauthenticated Information Disclosure via pwg.history.search API

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-27833

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Piwigo: Unauthenticated Information Disclosure via pwg.history.search API

Source: NVD (National Vulnerability Database)

Vulnerability Description

Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, the pwg.history.search API method in Piwigo is registered without the admin_only option, allowing unauthenticated users to access the full browsing history of all gallery visitors. This issue has been patched in version 16.3.0.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

授权机制缺失

Source: NVD (National Vulnerability Database)

Vulnerability Title

Piwigo 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Piwigo是Piwigo开源的一套基于Web的开源图片库软件。该软件包括图片管理、图片分类和权限管理等功能。 Piwigo 16.3.0之前版本存在安全漏洞，该漏洞源于pwg.history.search API方法未设置admin_only选项，可能导致未经验证的用户访问所有图库访客的完整浏览历史。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Piwigo	Piwigo	< 16.3.0	-

II. Public POCs for CVE-2026-27833

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

kimi-k2.5 · 5613 chars

Paid plan includes:

In-depth vulnerability mechanism

Trigger conditions & impact

Full executable POC code

Exploit chain & mitigation

POC zip download

100+ AI POC generations per month

Upgrade Pro to unlock ¥99/month Sign up first

III. Intelligence Information for CVE-2026-27833

Please Login to view more intelligence information

https://nvd.nist.gov/vuln/detail/CVE-2026-27833

IV. Related Vulnerabilities

Same product: Piwigo

Same vendor: Piwigo

Same weakness: CWE-862

V. Comments for CVE-2026-27833

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2026-27833

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-27833

III. Intelligence Information for CVE-2026-27833

IV. Related Vulnerabilities

V. Comments for CVE-2026-27833

Leave a comment