10 matches found
CVE-2026-33326
Keystone is a content management system for Node.js. Prior to version 6.5.2, field.isFilterable access control can be bypassed in findMany queries by passing a cursor. This can be used to confirm the existence of records by protected field values. The fix for CVE-2025-46720 field-level isFilterab...
CVE-2026-33326
Keystone is a content management system for Node.js. Prior to version 6.5.2, field.isFilterable access control can be bypassed in findMany queries by passing a cursor. This can be used to confirm the existence of records by protected field values. The fix for CVE-2025-46720 field-level isFilterab...
CVE-2026-33326
Keystone is a content management system for Node.js. Prior to version 6.5.2, field.isFilterable access control can be bypassed in findMany queries by passing a cursor. This can be used to confirm the existence of records by protected field values. The fix for CVE-2025-46720 field-level isFilterab...
CVE-2026-33326 @keystone-6/core: `isFilterable` bypass via `cursor` parameter in findMany
Keystone is a content management system for Node.js. Prior to version 6.5.2, field.isFilterable access control can be bypassed in findMany queries by passing a cursor. This can be used to confirm the existence of records by protected field values. The fix for CVE-2025-46720 field-level isFilterab...
CVE-2026-33326
Summary: Keystone 6 core prior to 6.5.2 had a bypass in isFilterable for findMany via the cursor parameter, allowing potential disclosure by confirming protected field values. The root cause is that the cursor input type reused UniqueWhere checks not patched by the previous fix for CVE-2025-46720...
CVE-2026-33326 @keystone-6/core: `isFilterable` bypass via `cursor` parameter in findMany
Keystone is a content management system for Node.js. Prior to version 6.5.2, field.isFilterable access control can be bypassed in findMany queries by passing a cursor. This can be used to confirm the existence of records by protected field values. The fix for CVE-2025-46720 field-level isFilterab...
CVE-2026-33326 @keystone-6/core: `isFilterable` bypass via `cursor` parameter in findMany
Keystone is a content management system for Node.js. Prior to version 6.5.2, field.isFilterable access control can be bypassed in findMany queries by passing a cursor. This can be used to confirm the existence of records by protected field values. The fix for CVE-2025-46720 field-level isFilterab...
Keystone security vulnerability
Keystone is a powerful CMS developed under OpenStack. It helps you build and expand faster than any other CMS or application framework. Versions of Keystone prior to 6.5.2 contained security vulnerabilities. These vulnerabilities stemmed from the findMany query, where the access control mechanism...
GHSA-CGCG-Q9JH-5PR2 @keystone-6/core: `isFilterable` bypass via `cursor` parameter in findMany (CVE-2025-46720 incomplete fix)
Summary: field.isFilterable access control can be bypassed in findMany queries by passing a cursor. This can be used to confirm the existence of records by protected field values. The fix for CVE-2025-46720 field-level isFilterable bypass for update and delete mutations added checks to the where...
PT-2026-26483
Name of the Vulnerable Software and Affected Versions: Keystone versions prior to 6.5.2. Description: Keystone is a content management system for Node.js. An access control bypass exists in findMany queries through the cursor parameter. Specifically, the field.isFilterable access control can be...