
NVD CRITICAL: CVE-2026-56782 — Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/...

Source: NIST NVD

Analysis

Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/dump and /api/restore endpoints that allows unauthenticated attackers to access protected functionality when admin_api_key is empty, which is the default configuration. Remote attackers can exfiltrate the entire database including user records, items, and feedback data containing personally identifiable information, or completely overwrite the dataset without authentication. CVSS Score: 9.8. Published: 2026-06-29T18:16:38.817.
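A deployment audit for the condition described above, as an added example that is not Gorse's own code or part of the NVD entry: it flags an instance as exposed when the release is older than 0.5.10 and admin_api_key is empty or unset. The function names, the result labels, the line-based scan and the sample configuration text (including the `[master]` table name) are assumptions made for the illustration.

```python
import re

FIXED = (0, 5, 10)  # first fixed release named in the advisory
# Matches an active (not commented-out) quoted assignment of admin_api_key.
KEY_RE = re.compile(r'^\s*admin_api_key\s*=\s*(["\'])(.*?)\1\s*(?:#.*)?$')

# Constructed sample configs; the [master] table name is an assumption.
DEFAULT_CFG = '[master]\n# admin_api_key = "example"\nadmin_api_key = ""\n'
SET_CFG = '[master]\nadmin_api_key = "constructed-sample-value"\n'


def parse_version(text):
    """Turn 'v0.5.9' or '0.5.10-rc1' into a tuple of three ints.

    Comparing tuples avoids the string-compare trap where "0.5.9" sorts
    after "0.5.10". A pre-release suffix is ignored.
    """
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def admin_key(config_text):
    """Return the configured admin_api_key, or '' when unset or blank.

    Line-based scan, not a full TOML parser: commented-out lines are
    skipped and the last active assignment wins.
    """
    value = ""
    for line in config_text.splitlines():
        match = KEY_RE.match(line)
        if match:
            value = match.group(2).strip()
    return value


def audit(version, config_text):
    """Classify one deployment: 'exposed', 'upgrade', 'review' or 'ok'."""
    patched = parse_version(version) >= FIXED
    has_key = bool(admin_key(config_text))
    if not patched and not has_key:
        return "exposed"   # affected release with empty key: the advisory's condition
    if not patched:
        return "upgrade"   # key is set, but the release is still an affected one
    if not has_key:
        return "review"    # fixed release; the page does not say how an empty key behaves
    return "ok"
```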

Indicators of Compromise (1)

CVE (1)
CVE-2026-56782

Source Attribution

Originally published by NIST NVD on Jun 29, 2026. Verified by: NIST.
