PEAR Roadmap Authorization Bypass Vulnerability Allowing Privilege Escalation

Vulnerability

A logic bug has been identified in PEAR versions prior to 1.33.0, allowing non-lead maintainers to create, update, or delete roadmaps. This vulnerability arises from an incorrect evaluation of the roadmap role check, which enables unauthorized users to manipulate roadmap data.

Impact

Exploitation of this vulnerability bypasses authorization checks, leading to unauthorized management of roadmaps.

Remediation

Users can upgrade to PEAR version 1.33.0 or later to address this vulnerability.

Added: Feb 3, 2026, 7:34 PM
Updated: Feb 3, 2026, 7:34 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 5.2
remediation: 0.0
relevance: 2.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.