2 matches found
CVE-2026-22784 Lychee cross-album password propagation on Album unlocking
Lychee is a free, open-source photo-management tool. Prior to 7.1.0, an authorization vulnerability exists in Lychee's album password unlock functionality that allows users to gain possibly unauthorized access to other users' password-protected albums. When a user unlocks a password-protected...
CVE-2026-22784
Lychee (pre-7.1.0) has an authorization vulnerability in the album password unlock feature: unlocking a password-protected public album automatically unlocks all other public albums sharing the same password, causing cross-album access and potential unauthorized view of protected albums. The issu...