CVE-2026-3209
fosrl Pangolin Role verifyApiKeyRoleAccess access control
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.4-s.4 mitigates this issue. The identifier of the patch is 5e37c4e85fae68e756be5019a28ca903b161fdd5. Upgrading the affected component is advised.
| CWE | CWE-284 CWE-266 |
| Vendor | fosrl |
| Product | pangolin |
| Published | Feb 25, 2026 |
| Last Updated | Mar 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for fosrl pangolin
Be the first to know when new medium vulnerabilities affecting fosrl pangolin are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
fosrl / Pangolin
1.15.4-s.0 1.15.4-s.1 1.15.4-s.2 1.15.4-s.3
References
vuldb.com: https://vuldb.com/?id.347796 vuldb.com: https://vuldb.com/?ctiid.347796 vuldb.com: https://vuldb.com/?submit.765676 vuldb.com: https://vuldb.com/?submit.766215 gist.github.com: https://gist.github.com/henrrrychau/0457bef6776d0c99688f9cf55cdf55f7 github.com: https://github.com/fosrl/pangolin/pull/2511 github.com: https://github.com/fosrl/pangolin/commit/5e37c4e85fae68e756be5019a28ca903b161fdd5 github.com: https://github.com/fosrl/pangolin/releases/tag/1.15.4-s.4 github.com: https://github.com/fosrl/pangolin/
Credits
๐ h3nrrrych4u (VulDB User) h3nrrrych4u (VulDB User)