Authorization Bypass

com.arcadedb, arcadedb-server is vulnerable to Authorization Bypass. The vulnerability is due to improper initialization of access controls and missing security configuration during database creation, which allows an attacker to bypass database and record-level authorization restrictions...

com.arcadedb:arcadedb-bolt (>=26.2.1 <=26.3.2), com.arcadedb:arcadedb-graphql (>=26.1.1 <=26.3.2) +9 more potentially affected by CVE-2026-44221 via com.arcadedb:arcadedb-server (>=26.1.1 <=26.3.2)

com.arcadedb:arcadedb-server MAVEN version =26.1.1, =26.2.1, =26.1.1, =26.1.1, =26.1.1, =26.1.1, =26.1.1, =26.1.1, =26.1.1, =26.1.1, =26.1.1, =26.3.2 - io.github.mdre:adbogm =0.9.0.6 Source cves: CVE-2026-44221 Source advisory: SNYK:JAVA-COMARCADEDB-16638650...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization n the ServerSecurityUser.getDatabaseUser and ArcadeDBServer.createDatabase processes. An attacker can gain unauthorized access to read, write, and modify schema and data across databases by exploiting improper...

com.arcadedb:arcadedb-bolt (>=26.2.1 <=26.3.2), com.arcadedb:arcadedb-coverage (>=21.9.1 <=25.4.1) +10 more potentially affected by CVE-2026-44221 via com.arcadedb:arcadedb-server (>=21.10.1 <=26.3.2)

com.arcadedb:arcadedb-server MAVEN version =21.10.1, =26.2.1, =21.9.1, =21.12.1, =24.11.1, =25.9.1, =25.1.1, =21.9.1, =21.9.1, =21.9.1, =21.9.1, =25.11.1, =26.3.2 - io.github.mdre:adbogm =0.9.0.6 Source cves: CVE-2026-44221 Source advisory: OSV:GHSA-FXC7-FM93-6Q77...