CVE-2026-11852

Published: Jun 10, 2026Modified: Jun 10, 2026Deferred

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability: 3.9 / Impact: 2.5

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in question.

Related CWEs

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (3)

https://salsa.debian.org/freexian-team/debusine/-/commit/98104f46dc546a27a0326d5ef728ac7f426c430a

Source: security@debian.org

https://salsa.debian.org/freexian-team/debusine/-/merge_requests/2836

Source: security@debian.org

https://salsa.debian.org/freexian-team/debusine/-/work_items/1499

Source: security@debian.org

Timeline

No history available yet.