Description
Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, In affected versions, the issue list view authorizes access through the project in the URL, but applies the requested bulk action to the submitted issue IDs without also requiring those issues to belong to that project. This vulnerability is fixed in 2.2.0.
Published: 2026-05-26
Score: 3.1 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-g5vc-q7qc-v939 Bugsink: Issue bulk actions can affect another project’s issue if its UUID is known
History

Wed, 27 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 26 May 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Bugsink
Bugsink bugsink
Vendors & Products Bugsink
Bugsink bugsink

Tue, 26 May 2026 17:00:00 +0000

Type Values Removed Values Added
Description Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, In affected versions, the issue list view authorizes access through the project in the URL, but applies the requested bulk action to the submitted issue IDs without also requiring those issues to belong to that project. This vulnerability is fixed in 2.2.0.
Title Bugsink: Issue bulk actions can affect another project’s issue if its UUID is known
Weaknesses CWE-639
References
Metrics cvssV3_1

{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-27T13:45:33.896Z

Reserved: 2026-05-19T21:29:25.482Z

Link: CVE-2026-47716

cve-icon Vulnrichment

Updated: 2026-05-27T13:45:28.530Z

cve-icon NVD

Status : Deferred

Published: 2026-05-26T17:16:52.957

Modified: 2026-06-17T10:54:38.343

Link: CVE-2026-47716

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T18:45:13Z

Weaknesses