CodeChecker Authentication Bypass Vulnerability Allowing Arbitrary Permission Assignment

Vulnerability

An authentication bypass vulnerability has been identified in CodeChecker versions through 6.27.3. The issue occurs when the URL ends with 'Authentication' and certain function calls are made. Exploiting it allows arbitrary permissions to be assigned to any existing CodeChecker user.

Impact

Exploitation of this vulnerability allows for authentication bypass, enabling unauthorized permission assignments to users within CodeChecker.

Added: Apr 24, 2026, 2:22 PM
Updated: Apr 24, 2026, 2:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 6.0
remediation: 0.0
relevance: 6.6
threat: 6.4
urgency: 10.0
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.