CVE Alert

CVE-2026-46645

MEDIUM 4.3

SQLAdmin: Authorization Bypass on `ajax_lookup`

CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th

SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajax_lookup endpoint in application.py bypasses the is_accessible() access control check that all other endpoints enforce. If a developer restricts model access by overriding is_accessible(), an authenticated user can still query that model's data through the ajax_lookup endpoint, silently bypassing the restriction. This issue has been patched in version 0.25.1.
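To make the bug class concrete, here is a toy reproduction of the missing-authorization pattern (CWE-862) the advisory describes: one endpoint resolves a model view and reads its data without calling the is_accessible() hook that every other endpoint calls first. This is an added illustration, not SQLAdmin's own code or its fix: the Request stand-in, the ModelView/Admin classes, the Forbidden exception and the in-memory rows are all assumptions made up for the example; only the shape of the defect and of the remedy (add the same check the other endpoints already perform) is taken from the advisory text.

```python
"""Toy reproduction of the CWE-862 pattern described in the advisory.
Added illustration, not SQLAdmin's code: Request, ModelView, Admin,
Forbidden and the sample rows are assumptions made up for this example."""
from dataclasses import dataclass, field


@dataclass
class Request:
    """Stand-in for a Starlette Request: caller identity plus route/query params."""
    user: str
    is_superuser: bool = False
    path_params: dict = field(default_factory=dict)
    query_params: dict = field(default_factory=dict)


class Forbidden(Exception):
    """Raised where a real application would answer HTTP 403."""


class ModelView:
    """Minimal admin view: a model identity, its rows, and the is_accessible() hook."""
    identity = "base"
    rows: list[dict] = []

    def is_accessible(self, request: Request) -> bool:
        return True  # default: any authenticated user may see the model

    def search(self, term: str) -> list[dict]:
        return [r for r in self.rows if term.lower() in r["name"].lower()]


class ProductView(ModelView):
    identity = "product"
    rows = [{"id": 1, "name": "Widget"}, {"id": 2, "name": "Gadget"}]


class UserView(ModelView):
    """A developer locks this model down to superusers by overriding the hook."""
    identity = "user"
    rows = [{"id": 7, "name": "alice (admin)"}, {"id": 8, "name": "bob"}]

    def is_accessible(self, request: Request) -> bool:
        return request.is_superuser


class Admin:
    def __init__(self, views):
        self._views = {v.identity: v for v in views}

    def _view(self, identity: str) -> ModelView:
        return self._views[identity]

    def list_rows(self, request: Request) -> list[dict]:
        """Ordinary endpoint: consults the hook before touching any data."""
        view = self._view(request.path_params["identity"])
        if not view.is_accessible(request):
            raise Forbidden(request.path_params["identity"])
        return list(view.rows)

    def ajax_lookup_vulnerable(self, request: Request) -> list[dict]:
        """The defect's shape: resolve the view and search it, never asking is_accessible()."""
        view = self._view(request.path_params["identity"])
        term = request.query_params.get("term", "")
        return [{"id": r["id"], "text": r["name"]} for r in view.search(term)]

    def ajax_lookup_fixed(self, request: Request) -> list[dict]:
        """Same endpoint with the check the other endpoints already enforce."""
        view = self._view(request.path_params["identity"])
        if not view.is_accessible(request):
            raise Forbidden(request.path_params["identity"])
        term = request.query_params.get("term", "")
        return [{"id": r["id"], "text": r["name"]} for r in view.search(term)]


def probe(admin: Admin, endpoint: str, request: Request):
    """Call an endpoint by name; report ('ok', rows) or ('403', None)."""
    try:
        return "ok", getattr(admin, endpoint)(request)
    except Forbidden:
        return "403", None


def demo() -> dict:
    """A non-superuser asks for the restricted 'user' model through three routes."""
    admin = Admin([ProductView(), UserView()])
    low = Request("bob", is_superuser=False,
                  path_params={"identity": "user"}, query_params={"term": "a"})
    return {
        "list": probe(admin, "list_rows", low),
        "lookup_vulnerable": probe(admin, "ajax_lookup_vulnerable", low),
        "lookup_fixed": probe(admin, "ajax_lookup_fixed", low),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18s} {result}")
```

Running it shows the list endpoint refusing the low-privilege caller, the vulnerable lookup handing back the restricted model's matching row, and the fixed lookup refusing like the rest. The practical audit question this raises for any admin framework is the same one the advisory answers for SQLAdmin: enumerate every route that resolves a model view and confirm each one calls the access hook before reading data, rather than assuming the check lives in one shared place.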

CWE CWE-862 (Missing Authorization)
Vendor smithyhq
Product sqladmin
Published Jun 10, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Affected Versions

smithyhq / sqladmin
< 0.25.1

References

NVD
CVE.org
EPSS Data
github.com: https://github.com/smithyhq/sqladmin/security/advisories/GHSA-54mc-gghv-4cfj
github.com: https://github.com/smithyhq/sqladmin/pull/1035
github.com: https://github.com/smithyhq/sqladmin/commit/b0d3a19fb9b074a9ed243de46930108375dfbb98
github.com: https://github.com/smithyhq/sqladmin/releases/tag/0.25.1