2 matches found
CVE-2026-57951
creationtimestamp| type| source ---|---|--- 2026-06-29 18:42:13+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mph5ckshvh2o 2026-06-29 21:17:30+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mphfyab5j72k...
CVE-2026-57951 Mythic < 3.4.0.60 - Broken Permission Filter in payload_build_step Table
Mythic before 3.4.0.60 contains a broken hasura permission filter on the payloadbuildstep table with an always-satisfied or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payloadbuildstep to read stepstdout, stepstderr, stepname, and...