CVE-2026-33125: Frigte has broken access control viewer user can delete admin and other users account

March 18, 2026 (updated March 20, 2026)

Users with the viewer role can delete admin and other users account. It this leads to denial of service and affects data integrity.

References

github.com/advisories/GHSA-vg28-83rp-8xx4
github.com/blakeblackshear/frigate
github.com/blakeblackshear/frigate/releases/tag/v0.16.3
github.com/blakeblackshear/frigate/security/advisories/GHSA-vg28-83rp-8xx4
nvd.nist.gov/vuln/detail/CVE-2026-33125

Code Behaviors & Features

Detect and mitigate CVE-2026-33125 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →