High severityNVD Advisory· Published Mar 20, 2026· Updated Mar 20, 2026
Frigate Broken Access Control: Users assigned the viewer role can delete admin and other low-privileged accounts
CVE-2026-33125
Description
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In versions 0.16.2 and below, users with the viewer role can delete admin and low-privileged user accounts. Exploitation can lead to DoS and affect data integrity. This issue has been patched in version 0.16.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
frigatePyPI | >= 0 | — |
Affected products
2- Range: < 0.16.3
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-vg28-83rp-8xx4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-33125ghsaADVISORY
- github.com/blakeblackshear/frigate/releases/tag/v0.16.3ghsax_refsource_MISCWEB
- github.com/blakeblackshear/frigate/security/advisories/GHSA-vg28-83rp-8xx4ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.