CVE-2026-53634

The CVE concerns Sharp (Laravel package) where the Quick Creation Command endpoints (create and store) from version 9.0.0 up to just before 9.22.3 failed to enforce authorization checks. An authenticated Sharp user lacking create permission on a target entity could access the creation form or sub...

CVE-2026-27112 Kargo has an Authorization Bypass Vulnerability in Batch Resource Creation API Endpoints

Kargo manages and automates the promotion of software artifacts. From 1.7.0 to before v1.7.8, v1.8.11, and v1.9.3, the batch resource creation endpoints of both Kargo's legacy gRPC API and newer REST API accept multi-document YAML payloads. Specially crafted payloads can manifest a bug present in...