CVE-2026-25660

UNKNOWN 0.0

Authentication bypass for certain API calls

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permission to any user existing in CodeChecker. This issue affects CodeChecker: through 6.27.3.

CWE	CWE-290 CWE-863
Vendor	ericsson
Product	codechecker
Published	Apr 24, 2026
Last Updated	Apr 24, 2026

Stay Ahead of the Next One

Get instant alerts for ericsson codechecker

Be the first to know when new unknown vulnerabilities affecting ericsson codechecker are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Ericsson / CodeChecker

0 ≤ 6.27.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/Ericsson/codechecker/security/advisories/GHSA-4v9x-cqc5-j645

Credits

Scott Tolley