CVE-2026-25660: Codechecker has an authentication bypass for certain API calls

May 5, 2026

Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permissions to any existing user in CodeChecker.

References

github.com/Ericsson/codechecker
github.com/Ericsson/codechecker/security/advisories/GHSA-4v9x-cqc5-j645
github.com/advisories/GHSA-4v9x-cqc5-j645
nvd.nist.gov/vuln/detail/CVE-2026-25660

Code Behaviors & Features

Detect and mitigate CVE-2026-25660 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →