CVE-2026-25660

Authentication bypass for certain API calls

Description

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permission to any user existing in CodeChecker. This issue affects CodeChecker: through 6.27.3.

INFO

Published Date :

2026-04-24T13:10:26.171Z

Last Modified :

2026-04-24T13:51:11.174Z

Source :

ERIC

AFFECTED PRODUCTS

The following products are affected by CVE-2026-25660 vulnerability.

Vendors	Products
Ericsson	Codechecker

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-25660.

URL	Resource
https://github.com/Ericsson/codechecker/security/advisories/GHSA-4v9x-cqc5-j645

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact