CVE-2026-23896
CVE-2026-23896 impacts Immich self-hosted photo/video management. Prior to version 2.5.0, API keys could escalate permissions by abusing the update endpoint, enabling a low-privilege API key to grant itself full administrative access. Red Hat/NVD and other sources corroborate this description, wi...