VYPR
High severityNVD Advisory· Published Mar 20, 2026· Updated Mar 20, 2026

Frigate Broken Access Control: Users assigned the viewer role can delete admin and other low-privileged accounts

CVE-2026-33125

Description

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In versions 0.16.2 and below, users with the viewer role can delete admin and low-privileged user accounts. Exploitation can lead to DoS and affect data integrity. This issue has been patched in version 0.16.3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
frigatePyPI
>= 0

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.