2 matches found
CVE-2026-22660
creationtimestamp| type| source ---|---|--- 2026-07-10 18:48:16+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcsrjjulo27...
CVE-2026-22660 FlaskBB Logic Flaw Authorization Group Deletion via Bulk AJAX Endpoint
FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a logic flaw vulnerability that allows authenticated administrators to delete all built-in authorization groups by exploiting a type mismatch in the bulk delete protection check. The bulk AJAX endpoint in the management views compares...