5 matches found

CVE
added yesterday, 4 views

CVE-2026-56767

Maxun before version 0.0.42 is affected by a cross-tenant insecure direct object reference in storage and webhook API handlers. Authenticated users can bypass ownership checks to read other users’ robots and OAuth tokens, including plaintext Google and Airtable tokens, and can modify, delete, or ...

CVSS 8.8, AI score 5.9
Exploits: 0, References: 4
Cvelist
added yesterday, 5 views

CVE-2026-56767 Maxun < 0.0.42 - Cross-Tenant IDOR in Storage and Webhook API Handlers

Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens. Attackers can read plaintext Google and Airtable access tokens, modify, delete, or execute...

CVSS 8.8
Exploits: 0, References: 4
RedhatCVE
added 2025/12/29 5:54 a.m., 8 views

CVE-2025-15106

A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploi...

CVSS 6.5, AI score 6.5, EPSS 0.00323
Exploits: 1, References: 1
CNNVD
added 2025/12/27 12:00 a.m., 4 views

Maxun Authorization Issue Vulnerability

Maxun is a crawler tool from Maxun open source. An authorization issue vulnerability exists in Maxun 0.0.28 and earlier versions, which stems from an incorrect operation of the function router.get in the file server/src/routes/auth.ts, which could lead to improper authorization...

CVSS 6.5, AI score 6.4, EPSS 0.00323
Exploits: 1, References: 5
CNNVD
added 2025/12/27 12:00 a.m., 3 views

Maxun Security Vulnerability

Maxun is a crawler tool from Maxun open source. A security vulnerability exists in Maxun 0.0.28 and earlier versions, which stems from the incorrect manipulation of the parameter apikey in the file /getmaxun/maxun/blob/develop/server/src/routes/auth.ts, which may result in the use of a hard-coded...

CVSS 6.3, AI score 4.6, EPSS 0.00458
Exploits: 1, References: 5