CVE-2026-25660 — CRITICAL (9.8)

Q: How severe is CVE-2026-25660?

CVE-2026-25660 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2026-25660?

Check the references section above for vendor advisories and patch information. Affected products include: Ericsson Codechecker.

Vulnerability Description

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permission to any user existing in CodeChecker. This issue affects CodeChecker: through 6.27.3.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ericsson	Codechecker	< 6.27.4

Related Weaknesses (CWE)

CWE-863 CWE-290

References

https://github.com/Ericsson/codechecker/security/advisories/GHSA-4v9x-cqc5-j645Vendor Advisory

FAQ

What is CVE-2026-25660?

CVE-2026-25660 is a vulnerability with a CVSS score of 9.8 (CRITICAL). CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends with Authentication with certain ...

How severe is CVE-2026-25660?

CVE-2026-25660 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2026-25660?

Check the references section above for vendor advisories and patch information. Affected products include: Ericsson Codechecker.