CVE-2026-7681 | jsbroks COCO Annotator up to 0.11.1 Dataset API datasets.py DatasetId authorization

A vulnerability marked as critical has been reported in jsbroks COCO Annotator up to 0.11.1. Affected by this vulnerability is an unknown functionality of the file backend/webserver/api/datasets.py of the component Dataset API. The manipulation of the argument DatasetId leads to authorization bypass.

This vulnerability is listed as CVE-2026-7681. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-7681 | jsbroks COCO Annotator up to 0.11.1 Dataset API datasets.py DatasetId authorization

Post correlati

CVE-2024-25305 | code-projects Simple School Managment System 1.0 School/index.php username/password improper authentication

CVE-2025-0576 | Mobotix M15 4.3.4.83 p_qual cross site scripting

CVE-2024-32004 | Git Cloning process control (GHSA-xfc6-vwr8-r389)

CVE-2024-34619 | Samsung Devices librtp.so improper validation of consistency within input