Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 08 Jul 2026 17:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Blakeblackshear
Blakeblackshear frigate |
|
| Vendors & Products |
Blakeblackshear
Blakeblackshear frigate |
Wed, 08 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 08 Jul 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/{service} endpoint allows any authenticated user including the viewer role to download Frigate and nginx logs, exposing auto-generated admin passwords and camera credentials logged in request query strings and enabling viewer-to-admin privilege escalation. A fixed release has not been identified. | |
| Title | Frigate viewer can read logs exposing admin and camera credentials | |
| Weaknesses | CWE-269 CWE-532 CWE-598 CWE-863 |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-08T15:20:23.777Z
Reserved: 2026-06-15T20:16:46.199Z
Link: CVE-2026-54652
Updated: 2026-07-08T15:20:18.921Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T16:45:03Z